Capture traffic on remote system with tcpdump and view in Wireshark locally
Instead of copying pcap files from system to system for analysis, it is possible to run tcpdump on a remote host and feed the capture to wireshark over the SSH connection in near real-time.
ssh root@remotesystem 'tcpdump -s0 -c 65535 -nn -w - not port 22' | wireshark -k -i -