Something I wrote at work to quickly start multiple tcpdumpsession on remote hosts and dump the output to wireshark sessions on my desktop.
It's badly commented, needs to be cleaned up and improved.
Depending on the speed of your pc and internet connection you may have to play a bit with the sleep value in the startsession function to prevent the script from
detecting the wrong pids of the ssh and wireshark sessions. These work for me on both my home and work pc. YMMV
Obviously I use this in combination with ssh-keys to prevent having to type passwords
Filters given after the -f flag are tcpdump filters (host 192.168.24.1 and proto ICMP etc.) and are valid for all hosts and interfaces provided.
The filters must be placed between quotes " "
If there is enough bandwidth I prefer not to use tcpdump filters and filter in wireshark, as you can place filters on each host and its interfaces
Feel free to improve