How can I sniff the traffic of remote machine with wireshark?

On Linux and OSX you can achieve this by running tcpdump over ssh and having wireshark listen on the pipe.

  1. Create a named pipe:

    $ mkfifo /tmp/remote

  2. Start wireshark from the command line:

    $ wireshark -k -i /tmp/remote

  3. Run tcpdump over ssh on your remote machine and redirect the packets to the named pipe:

    $ ssh root@firewall "tcpdump -s 0 -U -n -w - -i eth0 not port 22" > /tmp/remote

Source: http://blog.nielshorn.net/2010/02/using-wireshark-with-remote-capturing/


I use this one-liner as root. It is very useful!

ssh root@sniff_server_ip -p port tcpdump -U -s0 'not port 22' -i eth0 -w - | wireshark -k -i -

The last - before the | is the redirection of that output and is used as standard input by wireshark. The -k option in wireshark means "start sniffing immediately".
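Both answers above describe the same fifo/ssh/tcpdump procedure. As an added example (not code from either answer), the POSIX shell wrapper below builds the remote tcpdump command with the SSH port excluded from the filter, creates the named pipe safely, and removes it when the capture ends; the host, interface and SSH port are constructed placeholders passed as arguments.

```shell
#!/bin/sh
# Added example: wraps the fifo + ssh/tcpdump procedure from the answers above.
# Host, interface and SSH port are placeholders supplied by the caller.

# Build the remote tcpdump command. The SSH port is excluded from the filter so
# the capture stream carrying the packets back is not itself captured (which
# would otherwise create a feedback loop); -U and -w - stream unbuffered pcap
# output to stdout, where ssh forwards it to us.
build_tcpdump_cmd() {
    iface="$1"; ssh_port="$2"; extra_filter="$3"
    filter="not port ${ssh_port}"
    [ -n "$extra_filter" ] && filter="${filter} and (${extra_filter})"
    printf 'tcpdump -s 0 -U -n -w - -i %s %s' "$iface" "$filter"
}

# Create the named pipe (owner-only permissions) unless it already exists.
# Refuse to proceed if the path exists but is not a fifo, so a pre-existing
# regular file in /tmp cannot be silently overwritten.
make_pipe() {
    pipe="$1"
    if [ -e "$pipe" ] && [ ! -p "$pipe" ]; then
        echo "refusing to use $pipe: exists and is not a fifo" >&2
        return 1
    fi
    [ -p "$pipe" ] || mkfifo -m 600 "$pipe"
}

# Orchestrate: pipe, local wireshark reading it, remote tcpdump over ssh
# writing to it, and cleanup of wireshark and the pipe on exit.
remote_capture() {
    host="$1"; iface="$2"; ssh_port="${3:-22}"; extra="$4"
    pipe="/tmp/remote.$$"
    make_pipe "$pipe" || return 1
    trap 'kill "$ws_pid" 2>/dev/null; rm -f "$pipe"' EXIT INT TERM
    wireshark -k -i "$pipe" &
    ws_pid=$!
    ssh -p "$ssh_port" "$host" \
        "$(build_tcpdump_cmd "$iface" "$ssh_port" "$extra")" > "$pipe"
}

# Usage (placeholders): remote_capture root@firewall eth0 22 'tcp port 80'
```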


One approach is to use what's called a mirror or SPAN port on your switch. If your switch isn't intelligent enough, you can also put a small hub in between the switch and the host to capture. You connect a physical link from your listening host to that port/hub and then you can see all the traffic crossing the device. Alternatively, you'll need to install your packet capture software in a more strategic location in your network, like a border firewall/router.