Which version of the WSA are you running?
In 5.6, there is a new CLI command "packetcapture". I highly recommend using this, since the Diagnostic command is deprecated and will be removed in 6.0.
From this command, you can easily set the capture filter via the context menus.
Filter syntax is standard tcpdump. You can also use the new GUI capture menu:
------------------------------------------
GUI -> Support and Help (upper right corner) -> Packet Capture
Edit Settings:
Select the appropriate interfaces to capture as well as the capture filter. If you are uncertain what filter to use, run the capture with "no filters".
** Be advised that on high traffic networks, an unfiltered capture may hit the maximum size before capturing the necessary data.
The Start the capture, reproduce the issue and then stop the capture. The packet capture will be date stamped and in the "Manage Packet Capture Files" section.
------------------------------------------