Tuesday, November 8, 2016

tcpdump


In order to record the traffic, you can use tcpdump on Linux:


# -G 15: start a new file every 15 s; -W 1: stop after one file; -i any: all interfaces;
# -nn: no host/port name lookups; -w: write raw packets (pcap) to this file
tcpdump -G 15 -W 1 -i any -nn -w /tmp/slor-wto176.cap


This records for 15 seconds with a rollover of one file only, after which tcpdump exits (taken from http://stackoverflow.com/questions/25731643/how-to-schedule-tcpdump-to-run-for-a-specfic-time-of-period). Note that tcpdump only checks the -G rotation time when a packet arrives, so on a quiet interface it can run a little longer than 15 seconds before it exits.

We listen on all interfaces (-i any), skip name resolution (-nn), and write the packets to a file (-w).

Then you can open the .cap file in Wireshark.

As display filters you can use, for example, elasticsearch, tcp.flags.reset == 1, tcp.stream eq 28, ip.dst_host == 10.32.134.203, etc.
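As an added example (not code from the original post), here is a small dependency-free Python reader for the .cap file tcpdump writes, applying two of the Wireshark filters above (tcp.flags.reset == 1 and ip.dst_host == 10.32.134.203) outside Wireshark. It assumes the link type is either Ethernet or, as -i any produces, Linux "cooked"/SLL; the embedded sample capture is constructed, with the host taken from the filter above and port 9300 assumed.

```python
import struct
from ipaddress import IPv4Address

LINK_HDR_LEN = {1: 14, 113: 16}  # 1 = Ethernet (one NIC); 113 = Linux SLL, what `-i any` writes

def parse_pcap(data):
    """Yield (src, dst, sport, dport, tcp_flags) for every IPv4/TCP record."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[data[:4]]
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    link_len = LINK_HDR_LEN[linktype]        # KeyError: unsupported link type
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if struct.unpack(">H", frame[link_len - 2:link_len])[0] != 0x0800:
            continue                          # both link headers end with EtherType; 0x0800 = IPv4
        ip = frame[link_len:]
        if ip[9] != 6:                        # IP protocol 6 = TCP
            continue
        tcp = ip[(ip[0] & 0x0F) * 4:]         # skip IHL*4 bytes of IP header
        sport, dport = struct.unpack(">HH", tcp[:4])
        yield str(IPv4Address(ip[12:16])), str(IPv4Address(ip[16:20])), sport, dport, tcp[13]

def rst_packets(records):                     # Wireshark: tcp.flags.reset == 1
    return [r for r in records if r[4] & 0x04]
def to_host(records, host):                   # Wireshark: ip.dst_host == host
    return [r for r in records if r[1] == host]

def sll_tcp_packet(src, dst, sport, dport, flags):
    """Constructed SLL + IPv4 + TCP record body (no payload, checksums left zero)."""
    sll = struct.pack(">HHH8sH", 0, 1, 6, b"\0" * 8, 0x0800)
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return sll + ip + tcp

def pcap_file(bodies, linktype=113):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)  # 24-byte global header
    for i, body in enumerate(bodies):
        out += struct.pack("<IIII", 1478600000 + i, 0, len(body), len(body)) + body
    return out

SAMPLE = pcap_file([  # constructed: client 10.32.134.10 -> 10.32.134.203:9300, then a RST
    sll_tcp_packet("10.32.134.10", "10.32.134.203", 51000, 9300, 0x02),  # SYN
    sll_tcp_packet("10.32.134.203", "10.32.134.10", 9300, 51000, 0x12),  # SYN/ACK
    sll_tcp_packet("10.32.134.10", "10.32.134.203", 51000, 9300, 0x04),  # RST
])
```

Run it against a real capture with `list(parse_pcap(open("/tmp/slor-wto176.cap", "rb").read()))`; pcapng files (the Wireshark default when saving) are not handled here.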


Here are some screenshots of Wireshark usage:


and when clicking on "Follow Stream":