plink root@host tcpdump -i any -s0 -w - not port 22 | tshark -i - -w remote-traffic-captured.dump -a duration:3