wireshark
remote analysis
start tcpdump via ssh on a remote server and pipe the pcap data to wireshark running on your machine:
ssh user@server.domain "tcpdump -U -w - ‘port 80’" | wireshark -i - -k
wireshark can decode many binary protocols
start tcpdump via ssh on a remote server and pipe the pcap data to wireshark running on your machine:
ssh user@server.domain "tcpdump -U -w - ‘port 80’" | wireshark -i - -k
wireshark can decode many binary protocols