Forwarding remote tcpdump streams to Wireshark

Often times one wants to analyze network traffic on a remote host with Wireshark running locally. One method is to capture the traffic with tcpdump on the remote host and then download the completed capture to your local computer and open it for analysis.

This works but is awkward and time consuming. What if, instead, one was able to watch the network capture in Wireshark live? With a combination of ssh and tcpdump it is possible to do just that as shown below:

Thanks to ‘Tux’ at for the inspiration.