Wireshark is a network traffic monitoring tool.

basic usage

This is covered really well here

slightly advanced tricks

• add any field as a custom column (or you can do it from prefs)

• add geoip db and then go to Statistics > Endpoints and you can see the IPs plotted out on a map

• decrypt tls by importing the cert

• decrypt WPA encrypted wifi

SSHdump

You can capture packets from an interface on a remote machine using SSH and tcpdump.

On Mac/Ubuntu this is built into Wireshark by default and you can select it as an option from the capture interface screen. (I think on Windows there's a plugin. Go find out and update this wiki!)

You just give it the SSH details and it runs tcpdump on the remote machine.