I don’t have a great answer here. Ideally, the whireshark package would provide a polkit enabled DBus service that would let the Flatpak dynamically request the service to tcpdump an interface and forward the content to the unprivileged Flatpak.
As a workaround, running tcpdump from a privileged (root) toolbox and then analyzing the result in the Flatpak could do it as well.
I’ve never run sshdump but I found the following pages:
- sshdump(1)
- How do I use SSH Remote Capture in Wireshark - Ask Wireshark
- How do I use SSH Remote Capture in Wireshark - Stack Overflow
It looks like it would only require tcpdump to be available on the host.