It is possible to do a live packet capture on a remote Linux machine and process it live in Wireshark on a Windows machine.
You need to have Wireshark and plink (comes with PuTTY) installed.
To get a remote packet capture from a linux computer to a windows machine running wireshark:
plink user@host -batch -P 222 "sudo tshark -i eth1 -w - " | "c:\Program Files\Wireshark\Wireshark.exe" -k -i -
plink: Windows executable that creates an ssh link
user@host: ssh user and host
-batch: no questions asked (all interactive prompts are disabled)
-P: the ssh port to connect to
sudo tshark -i eth1 -w - : with sudo, execute tshark on the remote server, listening on interface eth1; -w - writes the captured packets to stdout
|: pipe the output of the remote ssh command to wireshark
-k: start capturing immediately
-i -: use stdin as input for wireshark
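A variant of the command above for the case where the ssh session itself runs over the captured interface, so the capture would otherwise record its own transport traffic and grow in a loop. This is an added example, not part of the original note. It assumes the host key is already cached and key-based login plus passwordless sudo are set up (-batch cannot answer prompts); the variable names are made up for illustration.

```batch
@echo off
rem Added example: same pipeline as above, with a capture filter that drops
rem the ssh session carrying the capture.
rem SSH_PORT and IFACE are illustrative variable names, not from the original.
set SSH_PORT=222
set IFACE=eth1

rem -f sets a capture filter on the remote tshark; the single quotes are
rem passed through to the remote shell, the double quotes belong to cmd.exe.
rem -q keeps tshark from printing packet counts while it writes to stdout.
plink user@host -batch -P %SSH_PORT% "sudo tshark -q -i %IFACE% -f 'not tcp port %SSH_PORT%' -w -" | "c:\Program Files\Wireshark\Wireshark.exe" -k -i -
```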