Jeffrey Winn's Blog

Assorted thoughts and information of nominal value


If, like me, you need to use Wireshark on Windows remotely, you can do that via SSH.

For example, I have a CentOS server that all my Ethernet runs are “homerun” to, so it sees traffic that would never be switched to my workstation and can monitor anything not switched.

With SSH running on the CentOS box, I use:

/usr/sbin/tcpdump -i virbr0 -U -w - 'not (host 192.168.5.130 and port 22)'

…this runs tcpdump on the named interface (virbr0), writes raw pcap to stdout as each packet arrives (-U -w -), and filters out the noise of the SSH session I’m using (host 192.168.5.130 on port 22) so the capture stream itself doesn’t show up in the capture. Easy.
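The client side of that setup, as an added example that is not part of the original post: a small POSIX shell wrapper that builds the same exclusion filter, runs the tcpdump command over SSH, and pipes the pcap stream straight into Wireshark reading from stdin. It assumes a POSIX shell on the Windows side (Git Bash or WSL) with `ssh` and `wireshark` on PATH; the host, interface and client address passed to `run_remote_capture` are placeholders you supply.

```shell
#!/bin/sh
# Added example, not code from the original post. Wraps "tcpdump over SSH into
# Wireshark" so the BPF filter always excludes the SSH session carrying the capture.
# Assumptions: ssh and wireshark are on PATH; the remote account may run tcpdump
# (root or CAP_NET_RAW); hostnames and addresses below are placeholders.

# Build the BPF filter that drops the capture's own SSH session (client IP on the
# SSH port) so the pcap stream is not captured while it is being sent to us.
build_filter() {
    client_ip="$1"
    ssh_port="${2:-22}"
    printf "not (host %s and port %s)" "$client_ip" "$ssh_port"
}

# Build the command that will run on the capture box.
# -U: flush each packet to stdout as it arrives; -w -: write raw pcap to stdout.
build_remote_cmd() {
    iface="$1"
    filter="$2"
    printf "/usr/sbin/tcpdump -i %s -U -w - '%s'" "$iface" "$filter"
}

# Run the capture: ssh executes tcpdump remotely and the pcap stream is piped into
# Wireshark, which reads from stdin (-i -) and starts capturing immediately (-k).
# Usage: run_remote_capture user@capture-box virbr0 192.168.5.130
run_remote_capture() {
    remote="$1"
    iface="$2"
    client_ip="$3"
    filter=$(build_filter "$client_ip")
    cmd=$(build_remote_cmd "$iface" "$filter")
    ssh "$remote" "$cmd" | wireshark -k -i -
}
```

The client address is the one tcpdump sees on the SSH session, so if the capture box is reached through NAT, use the translated address. On the remote side the shell variable `SSH_CLIENT` begins with that address (`${SSH_CLIENT%% *}`), which is a way to derive it without hardcoding when you prefer to keep the filter in a script on the capture box.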
