If my development machine has an iptables rule to FORWARD some packets, are those packets captured by tcpdump? I ask because I know there exists another chain called INPUT, which filters packets to apps. If a packet is routed to the FORWARD chain, will it reach the tcpdump app?
Could you give a reliable reference to official documentation, or offer well-explained ideas to answer this question?
tcpdump captures traffic from the hardware device. iptables handles network frames at a different level.
So the answer is no, tcpdump will capture traffic only when it passes through the network card. iptables can be taking inbound traffic on a card that tcpdump is monitoring, but may send it outbound on a different network card that is not being monitored by tcpdump.
Just remember, tcpdump will catch the traffic only if it passes through the network card.
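Because forwarded traffic can arrive on one card and leave on another, it helps to know which interfaces the FORWARD rules name before choosing where to capture. The script below is an added example, not part of the original answer: it reads rules in the format printed by `iptables -S FORWARD` and prints one tcpdump command per interface. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the interfaces named by FORWARD rules so a capture
# can be started on each of them (ingress and egress side).
# On a live host, feed it real rules: iptables -S FORWARD | capture_commands

# Constructed sample rules, in `iptables -S FORWARD` format.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT'

# Read rules on stdin; print each interface to capture on, once, sorted.
forward_ifaces() {
    awk '
        $1 == "-A" && $2 == "FORWARD" {
            found = 0
            for (n = 3; n < NF; n++) {
                if ($n != "-i" && $n != "-o") continue
                found = 1
                # A negated match (! -i eth0) or a wildcard (eth+) does not
                # map to one capture interface, so fall back to "any".
                if ($(n - 1) == "!" || $(n + 1) ~ /\+$/) print "any"
                else print $(n + 1)
            }
            # A rule with no interface match applies to every interface.
            if (!found) print "any"
        }' | sort -u
}

# Read rules on stdin; print one tcpdump command line per interface.
capture_commands() {
    forward_ifaces | while read -r ifc; do
        printf 'tcpdump -n -i %s\n' "$ifc"
    done
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | capture_commands
```

The script only prints the commands; running them requires root, and a capture on the pseudo-interface `any` is Linux-specific.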