A nice feature of Wireshark is that it can receive data from a remotely running tcpdump. Here I use plink (part of the PuTTY tool suite) to open a channel to the remote Unix host where I start tcpdump. You can also specify the -pw parameter with a password.
plink.exe -ssh "firstname.lastname@example.org" -m command_eth0.txt | "c:\program files\wireshark\wireshark.exe" -k -i -
where command_eth0.txt contains:
sudo /sbin/tcpdump -s0 -w - -n -i eth0 host 192.168.0.16 \&\& ! port 12345
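
The same pipeline as a small Python launcher; this is an added example, not part of the original post. It quotes the capture filter with shlex.quote instead of hand-escaping `&&`, and authenticates with a key file (-i) rather than -pw, because a password on the command line is visible in the local process list. The function names, the key file and the user@host argument are assumptions.

```python
import re
import shlex
import subprocess
import sys
import tempfile

WIRESHARK = r"c:\program files\wireshark\wireshark.exe"  # path used in the post
IFACE_RE = re.compile(r"[A-Za-z0-9_.:-]{1,15}")  # Linux interface names: max 15 chars


def remote_tcpdump_cmd(iface, bpf_filter):
    """Build the remote command line; the filter is quoted, not hand-escaped."""
    if not IFACE_RE.fullmatch(iface):
        raise ValueError(f"unexpected interface name: {iface!r}")
    # shlex.quote turns the whole filter into one shell word, so '&&' and '!'
    # reach tcpdump literally instead of being interpreted by the remote shell.
    return f"sudo /sbin/tcpdump -s0 -w - -n -i {iface} {shlex.quote(bpf_filter)}"


def plink_argv(target, command_file, keyfile):
    """plink arguments using a private key (-i) instead of -pw."""
    # -batch disables interactive prompts, so an unknown host key aborts the
    # connection instead of waiting for an answer nobody can type.
    return ["plink.exe", "-ssh", "-batch", "-i", keyfile, "-m", command_file, target]


def launch(target, keyfile, iface, bpf_filter):
    """Run plink | wireshark, the same pipeline as the one-liner in the post."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False, newline="\n") as fh:
        fh.write(remote_tcpdump_cmd(iface, bpf_filter) + "\n")
    plink = subprocess.Popen(plink_argv(target, fh.name, keyfile), stdout=subprocess.PIPE)
    try:
        # -k starts capturing immediately, -i - reads the pcap stream from stdin
        subprocess.run([WIRESHARK, "-k", "-i", "-"], stdin=plink.stdout)
    finally:
        plink.terminate()  # stop the remote capture once Wireshark exits


if __name__ == "__main__":
    # Constructed sample filter, identical to the one in command_eth0.txt.
    flt = "host 192.168.0.16 && ! port 12345"
    print(remote_tcpdump_cmd("eth0", flt))
    if len(sys.argv) == 3:  # usage: script.py user@host path\to\key.ppk
        launch(sys.argv[1], sys.argv[2], "eth0", flt)
```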