
Revision history

initial version

Cannot remote capture and filter?

I am hoping for a workaround. If I understand correctly, Wireshark cannot currently remote capture and remote filter at the same time on multiple remote interfaces. For SSH remote capture, you have 3 options: dumpcap, tcpdump, or "command". Currently dumpcap ignores remote capture filters, and tcpdump does not allow two interfaces to be specified (ignoring "any" which is not workable). It appears that the dumpcap issue already has an old bug associated with it. That only leaves "Remote capture command" as a possible current workaround. My needs are pretty simple. I have a transmit and receive stream from a single link tap. In order to see both sides of a conversation on this link, I need to capture two specific ports. Does anyone know of a "capture command" in "interface options: SSH remote capture" that might work?

Cannot remote capture and filter?

I am hoping for a workaround. If I understand correctly, Wireshark cannot currently remote capture and remote filter at the same time on multiple remote interfaces. For SSH remote capture, you have 3 options: dumpcap, tcpdump, or "command". Currently dumpcap ignores remote capture filters, and tcpdump does not allow two interfaces to be specified (ignoring "any" which is not workable). It appears that the dumpcap issue already has an old bug associated with it. That only leaves "Remote capture command" as a possible current workaround. My needs are pretty simple. I have a transmit and receive stream from a single link tap. In order to see both sides of a conversation on this link, I need to capture two specific interfaces. Does anyone know of a "capture command" in "interface options: SSH remote capture" that might work?