Tcpdump is great for debugging network problems, but there are times when we need functionality specific to Wireshark, such as reconstructing audio streams from RTP traffic. In that case the best option is to pipe the output of a remote tcpdump to our local Wireshark through an ssh connection.
We compile Wireshark with the necessary USE flags:
vi /etc/portage/package.use/wireshark
net-analyzer/wireshark capinfos caps captype dftest dumpcap editcap filecaps mergecap netlink pcap qt5 randpkt randpktdump reordercap sharkd ssl text2pcap tshark udpdump zlib -adns -androiddump -ciscodump -doc -doc-pdf -geoip -gtk -kerberos libssh -libxml2 -lua -lz4 -nghttp2 -portaudio -sbc -selinux -smi -snappy -spandsp sshdump -tfshark
We pipe the output of the remote tcpdump to our local Wireshark:
ssh HOSTNAME "tcpdump -U -s0 -w - 'not port 22'" | wireshark -k -i -
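
The filter 'not port 22' keeps the ssh session that carries the capture out of the capture itself, so it has to follow the port sshd actually listens on. The wrapper below is an added example, not part of the original post: it builds the same pipeline for a configurable ssh port and validates every value that ends up in the remote command line. The function names, the -i interface argument and the optional extra filter are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): parameterised form of the
# ssh | wireshark pipeline. Function names are hypothetical.

# build_remote_cmd IFACE SSH_PORT [EXTRA_FILTER]
# Prints the tcpdump command to run on the remote host, or fails on bad input.
build_remote_cmd() {
    iface=$1 port=$2 filter=${3:-}
    # The port is interpolated into a remote shell command: digits only.
    case $port in
        ''|*[!0-9]*) echo "invalid ssh port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "ssh port out of range: $port" >&2; return 1; }
    # Interface names: letters, digits, dot, dash and underscore only.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $iface" >&2; return 1 ;;
    esac
    # The filter is wrapped in single quotes for the remote shell, so a
    # single quote inside it would break out of the quoting.
    case $filter in
        *"'"*) echo "filter must not contain single quotes" >&2; return 1 ;;
    esac
    # Always exclude the ssh session that transports the capture.
    bpf="not port $port"
    if [ -n "$filter" ]; then
        bpf="$bpf and ($filter)"
    fi
    printf "tcpdump -U -s0 -i %s -w - '%s'" "$iface" "$bpf"
}

# remote_capture HOST IFACE [SSH_PORT] [EXTRA_FILTER]
# e.g. remote_capture HOSTNAME eth0 2222 'udp portrange 10000-20000'
remote_capture() {
    host=$1
    cmd=$(build_remote_cmd "$2" "${3:-22}" "${4:-}") || return 1
    ssh -p "${3:-22}" "$host" "$cmd" | wireshark -k -i -
}
```

The remote user still needs permission to capture on the chosen interface, exactly as with the one-line command above.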