I always forget this, so I’ll just write it down, even though it’s easily findable on the net.
To run a remote capture on a Linux box from Windows and view it live in Wireshark:
ssh root@192.168.56.100 tcpdump -i any -U -s0 -w - 'port 80' | wireshark -k -i -
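Now if we need to run it within Docker (no -t on docker run: ssh gives the remote command no TTY, and a TTY would mangle the binary pcap stream anyway):
ssh root@192.168.56.100 docker run --rm --net=host tcpdump tcpdump -i any -U -s0 -w - 'port 80' | wireshark -k -i -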
An even better hack is to attach it to a specific container:
ssh root@192.168.56.100 docker run --rm --net=container:containername tcpdump tcpdump -i any -U -s0 -w - 'port 80' | wireshark -k -i -