Wireshark remote tcpdump

This lets you run tcpdump on a remote host and view the capture live in Wireshark on your local machine.

For this to work, you’ll need SSH root access to the remote host, with keys installed for automatic login.

ssh root@host "tcpdump -U -s0 -w - 'not host x.x.x.x'" | wireshark -k -i - 

In this example, x.x.x.x is the host running Wireshark. You will want to filter out this host to avoid runaway capture traffic: the capture is streamed back to you over the SSH session, so without the filter tcpdump would capture its own output.

You can of course use other tcpdump capture filters between the ‘single’ quotes in the above example.
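
As an added example (not part of the original page), the wrapper below builds the capture filter so the Wireshark host is always excluded and any extra filter is safely combined with it. The function names `build_filter` and `remote_capture` are hypothetical, and 192.0.2.10 in the usage comment is a documentation address standing in for x.x.x.x.

```shell
#!/bin/sh
# Added example: wrapper around the one-liner above (helper names are hypothetical).

# build_filter VIEWER_IP [EXTRA_FILTER]
# Prints a tcpdump capture filter that always excludes the Wireshark host
# and ANDs in an optional extra filter.
build_filter() {
    viewer=$1
    extra=${2:-}
    # Accept only digits and dots (an IPv4 literal) for the excluded host.
    case $viewer in
        *[!0-9.]*|'') echo "bad viewer address" >&2; return 1 ;;
    esac
    # The filter is wrapped in single quotes for the remote shell, so a
    # single quote inside it would end the quoting early. Reject it.
    case $extra in
        *\'*) echo "single quote not allowed in filter" >&2; return 1 ;;
    esac
    if [ -n "$extra" ]; then
        # Parentheses keep an "or" in the extra filter from cancelling
        # the exclusion through operator precedence.
        printf 'not host %s and (%s)' "$viewer" "$extra"
    else
        printf 'not host %s' "$viewer"
    fi
}

# remote_capture REMOTE_HOST VIEWER_IP [EXTRA_FILTER]
# Runs the same pipeline as the one-liner with the generated filter.
remote_capture() {
    filter=$(build_filter "$2" "${3:-}") || return 1
    ssh "root@$1" "tcpdump -U -s0 -w - '$filter'" | wireshark -k -i -
}

# Usage: remote_capture host 192.0.2.10 'tcp port 80 or tcp port 443'
```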