So far I tried Dwall but like Bored369 says, it doesn't log as far as I could tell. It does grab things, but doesn't log.
With the amount of data going by, I don't think I can use tcpdump...
Maybe like dustbyter says Wireshark and some real-time filtering?
I tried using Responder for two hours last night and I honestly couldn't get it to grab anything from my target even though I was on the target opening FTP connections silly-nilly. My hunch is Responder is what I need, but its not cooperating.
You'd think something as basic as unencrypted forms and plaintext credentials would be something this platform could do out of the box.