Using ssh it’s possible to do a remote packet capture and use a local tool like WireShark to view the packet capture in real time.
ssh 192.168.77.1 "tcpdump -s0 -i eth1.79 -w - 'port 53'" | wireshark -k -i -
What we have here is a quick example. We ssh to the remote router. In this case an Envoy at 192.168.77.1.
Then we run tcpdump; in this example we are capturing only DNS port 53 packets on interface eth1.79. We specified the “-w -” option to have tcpdump the packets out as a file but we then direct the output into a locally running wireshark process. This will cause the wireshark display in realtime the packets that match our tcpdump filter from the remote router.