I am probably doing something wrong, but I can't sniff anything from my datacenters.
What does tcpdump show? Run it briefly and then terminate. Take note if there are any packets filtered by the interface - this would likely indicate that there is a lot you could be sniffing but don't have your server configured correctly.
100753 captured 100753 received 0 dropped
And all of them were my two SSH connections for a few minutes while tcpdumping.