Remote Wireshark

Use wireshark remotely

create a fifo file, owned by your user:

mkfifo ~/ftcpdump

In another terminal, send the data into wireshark

on your local machine do:

ssh server "cat ~/ftcpdump" | wireshark -k -i

(do not forget to filter out ssh)

Output tcpdump data into the fifo

from the remote machine :

tcpdump <filter> -U -s 0 -w ~user/ftcpdump