Hello Willy,
Assuming you are working with Sourcefire's FireSight Management System, you may create a snort rule to define the traffic you would like to capture. Once the rule is triggered, navigate to Analysis > Intrusion > Events. From their select the events you would like the pcaps and click the download button.
Here is a guide which provides step by step instructions using screenshots:
http://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/117892-technote-sourcefire-00.html
Let me know if it solved your issue!
- Peter