Hello there!
In this brief tutorial, I will show how to capture remote traffic through SSH and analyze it with Wireshark.
The basic procedure is:
$ mkfifo /tmp/remoteif
$ ssh root@yourserver "tcpdump -ni pflog0 -w - host 10.20.30.40" > /tmp/remoteif
$ wireshark -k -i /tmp/remoteif
* Tips: configure your remote user to run tcpdump through sudo. Configure root login without a password by using keys.
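
The steps above as one script, written as an added example rather than code from the original post: it keeps the FIFO in a private directory, starts Wireshark alongside ssh so the FIFO has a reader, and validates the interface and address because ssh passes the command string to the remote shell. The function names, the validation rules and the use of `sudo -n` (which assumes a passwordless sudo rule for tcpdump, following the tip) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and validation
# rules are this example's own; sudo -n assumes a NOPASSWD rule for tcpdump.

# Build the remote tcpdump command. ssh hands this string to the remote
# shell, so both values are checked before being interpolated into it.
build_remote_cmd() {
    local iface="$1" host="$2"
    case "$iface" in
        ''|-*|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    case "$host" in
        ''|*[!A-Fa-f0-9.:]*) echo "bad host filter: $host" >&2; return 1 ;;
    esac
    # -U: flush each packet, -n: no name lookups, -w -: pcap to stdout
    printf 'sudo -n tcpdump -U -ni %s -w - host %s' "$iface" "$host"
}

# capture <user@server> <interface> <ip-address>
capture() {
    local target="$1" cmd dir fifo
    cmd=$(build_remote_cmd "$2" "$3") || return 1
    dir=$(mktemp -d) || return 1          # private 0700 dir, not /tmp/remoteif
    fifo="$dir/remoteif"
    mkfifo -m 600 "$fifo" || { rm -rf "$dir"; return 1; }
    # $dir is expanded now, so cleanup still works after the function returns.
    trap "rm -rf '$dir'" EXIT
    wireshark -k -i "$fifo" &             # reader runs in the background
    ssh "$target" "$cmd" > "$fifo"        # redirect blocks until the reader opens
    wait
}

# Example: ./remote-capture.sh admin@yourserver pflog0 10.20.30.40
if [ "$#" -eq 3 ]; then
    capture "$@"
fi
```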
A special thanks to my friend mentesan -> Muito Sapeca!