How to use Wireshark on Windows to watch a remote UNIX system, using SSH
January 2014.
Situation
You're using tcpdump on a UNIX box but you would like to use Wireshark for all its awesome features (GUI, analysis, etc.) on your local Windows desktop computer.
Solution
Connect to your box using SSH and pipe the output of tcpdump into Wireshark.
"c:\Program Files (x86)\PuTTY\plink.exe" -ssh root@my-unix-box.example.com "tcpdump -w - -s 65535 [tcpdump condition] " | "c:\Program Files\Wireshark\wireshark.exe" -i -
plink is bundled with PuTTY, but you can also download it separately.
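As an added example (not part of the original post), the same pipeline wrapped in a PowerShell script that runs plink non-interactively, flushes packets live and filters out the SSH session that carries the capture itself; the executable paths, host, user and interface name are assumptions.

```powershell
# Added example, not from the original post: wraps the plink | wireshark pipeline
# above in a small script. Paths, target and interface name are assumptions.
param(
    [string]$Target    = 'root@my-unix-box.example.com',  # same target as the post
    [string]$Interface = 'eth0',                          # assumed remote NIC
    # Default filter drops the SSH session carrying the capture; without it every
    # captured packet produces more SSH packets, which are captured in turn.
    [string]$Filter    = 'not port 22',
    [string]$Plink     = 'C:\Program Files (x86)\PuTTY\plink.exe',
    [string]$Wireshark = 'C:\Program Files\Wireshark\wireshark.exe'
)

foreach ($exe in $Plink, $Wireshark) {
    if (-not (Test-Path -LiteralPath $exe)) { throw "Not found: $exe" }
}

# -U flushes each packet to stdout so Wireshark updates live instead of in bursts;
# -n stops the remote side from doing DNS lookups for every address it sees.
$remoteCmd = "tcpdump -U -n -i $Interface -s 65535 -w - $Filter"

# -batch makes plink abort instead of prompting, so an unexpected host-key or
# password prompt is never fed to Wireshark as if it were pcap data. Connect once
# with PuTTY first to verify and cache the host key, otherwise -batch refuses.
# Wireshark: -k starts capturing immediately, -i - reads the pcap stream from stdin.
$pipeline = "`"$Plink`" -ssh -batch $Target `"$remoteCmd`" | `"$Wireshark`" -k -i -"

# Windows PowerShell (5.1) passes native-command output through its own object
# pipeline as text, which corrupts the binary pcap stream. Running the pipeline
# from a .cmd file keeps it entirely inside cmd.exe, where the bytes pass untouched.
$script = Join-Path $env:TEMP 'remote-capture.cmd'
Set-Content -LiteralPath $script -Value "@echo off`r`n$pipeline" -Encoding ASCII
try {
    & cmd.exe /c $script
} finally {
    Remove-Item -LiteralPath $script -ErrorAction SilentlyContinue
}
```

Pass a tighter filter such as `-Filter 'port 80 and not port 22'` to narrow the capture; whatever you pass is quoted as a single argument to the remote tcpdump.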