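==== Capture live packets from server using Wireshark and SSH tunnel ====

To feed a **live capture** from a remote server into the **Wireshark** GUI on your workstation, combine an SSH reverse tunnel with **netcat**:

<code bash>
# in one terminal on your workstation: listen on port 4567 and pipe the stream into Wireshark
nc -lp 4567 | sudo wireshark -k -i -

# in another terminal: open an SSH session that forwards the server's 127.0.0.1:4567 back to that listener
ssh -R 127.1:4567:127.1:4567 your-server.net

# then, inside that SSH session on the server (tcpdump needs capture privileges there):
# -U writes each packet as it arrives; the filter keeps the tunnel's own traffic
# out of the capture (assumes sshd listens on port 22)
tcpdump -iany -nn -U -w - 'not port 22 and not port 4567' | nc 127.0.0.1 4567
</code>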