tcpdump can be configured to write its capture to standard out, and Wireshark can read from standard in. SSH allows you to remote exec a command, and have it stream the output back.

This allows one to perform a remote Wireshark capture quickly and easily - one of the nice uses for this is to perform captures from a Ubiquti router. For exmaple:

ssh 'sudo tcpdump -f -i eth1 -w - port 53' | /Applications/Local/  -k -i -

This ssh's to my home router, and starts tcpdump listening on interface eth1. It writes the output to STDOUT ('-w -') and only captures port 53. This then streams to wireshark on my local machine (-k is "start capturing immediately" and -i is interface -- in this case, STDIN (-)).