plink.exe -ssh <user>@<linux-host> "sudo tcpdump -nnieth1 -s65535 -w -" | "c:\Program Files\Wireshark\Wireshark.exe" -k -i -Tcpdump switch '-U' (--packet-buffered) may be useful to disable packet buffering and thus speed up data transfer to wireshark.
http://danielflannery.ie/running-wireshark-over-ssh-windows/
