How to capture packets with tcpdump and output to pcap for Wireshark
-s 0 tells tcpdump to capture the entire packet
-w filename.pcap sets the output file name
not port 1024 tells tcpdump to ignore port 1024
You can also say port 1024 to capture packets on that port with tcpdump
tcpdump -s 0 -w filename.pcap not port 1024 and not port 80
You can optionally capture the packets with your firewall
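
A check to run on the file written by -w before opening it in Wireshark, confirming that -s 0 really kept whole packets. This is an added example, not part of the original note: it handles the classic pcap format only (not pcapng), and build_sample with its frame sizes is constructed test data.

```python
import struct

# Magic bytes as they appear on disk -> struct byte-order prefix
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}


def check_pcap(data):
    """Return (snaplen, total_packets, truncated_packets) for classic pcap bytes."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    endian = MAGICS[data[:4]]
    _vmaj, _vmin, _zone, _sigfigs, snaplen, _linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    total = truncated = 0
    offset = 24
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        total += 1
        if incl_len < orig_len:   # bytes were cut off by the snapshot length
            truncated += 1
        offset += 16 + incl_len
    return snaplen, total, truncated


def build_sample(snaplen, frame_sizes):
    """Constructed sample: a little-endian pcap whose frames are all zero bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, size in enumerate(frame_sizes):
        kept = min(size, snaplen)
        out += struct.pack("<IIII", 1700000000 + i, 0, kept, size) + bytes(kept)
    return out


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(check_pcap(f.read()))
    else:
        print(check_pcap(build_sample(96, [60, 1514, 400])))      # (96, 3, 2)
        print(check_pcap(build_sample(262144, [60, 1514, 400])))  # (262144, 3, 0)
```

Pass the capture path as the first argument to check a real file; a non-zero third value means some packets were cut short and the capture should be repeated with -s 0.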