Here you have a very useful command for when you want to analyze traffic remotely with tcpdump over ssh using wireshark.
ssh root@192.168.1.1 tcpdump -i any -U -s0 -w - 'not port 22' | wireshark -k -i -
The idea is to run tcpdump on the remote server over ssh, send that capture in real time through this encrypted connection and view it on our local computer with wireshark, a graphical package inspector with many interesting features.