Tshark
From Logicalwebhost-Wiki
Command line version of wireshark, which used to be ethereal, but if you want to sniff network traffic remotely via ssh terminal, this is how you would do it. Most of this is in Debian Etch, but other OS'es should'nt be terribly different.
[edit] Installation
apt-get install tshark wireshark-common
[edit] Usage
http://medgarnet.blogspot.com/2007/10/tshark-filter-example.html
