/ wireshark

remote capture packets and analysis in wireshark

make a FIFO pipe

mkfifo /tmp/pipe

redirect ssh traffic to pipe*

ssh REMOTE_HOST "sudo tcpdump -i eth0 -s 0 -U -w - not port 22" > /tmp/pipe

open wireshark to analysis pipe

wireshark -k -i /tmp/pipe

*tcpdump needs root privilege, so make sure the user you logged-in can run this command or [give tcpdump the privileges](http://peternixon.net/news/2012/01/28/configure-tcpdump-work-non-root-user-opensuse-using-file-system-capabilities/)