Below you will find pages that utilize the taxonomy term “network”
Posts
🦈wireshark remote capture
It is possible to run a live packet capture on a remote Linux machine and process it live in Wireshark on a Windows machine.
You need to have Wireshark and plink (comes with PuTTY) installed.
To get a remote packet capture from a Linux computer to a Windows machine running Wireshark:
plink user@host -batch -P 222 "sudo tshark -i eth1 -w - " | "c:\Program Files\Wireshark\Wireshark.exe" -k -i -

plink: Windows executable that creates an SSH link
user@host: SSH user and host
-batch: no questions asked (interactive prompts are disabled, so the server's host key must already be cached by PuTTY)
-P: the SSH port to use
sudo tshark -i eth1 -w -: with sudo, execute tshark on the remote server, listening on interface eth1, and with -w - write the output to stdout
|: pipe the output of the remote SSH command to Wireshark
-k: start capturing immediately
-i -: use stdin as input for Wireshark