To analyze traffic remotely over ssh:

ssh use@server sudo tcpdump -U -s0 -i pflog0 -w -| wireshark -k -i -

In case need an specific port:

ssh use@server sudo tcpdump -U -s0 -i pflog0 -w - 'port 5984' | wireshark -k -i -

To ignore trafic from ssh:

ssh use@server sudo tcpdump -U -s0 -i pflog0 -w - 'not port 22' | wireshark -k -i -

Or:

wireshark -k -i <(ssh [email protected] -p 2222 tcpdump -i em0 -U -w - not tcp port 22)