Great suggestion, but I don't have LabVIEW.
I'm thinking that I could start tshark, the command-line version of Wireshark, as a setup test step, and then shut it down in the cleanup step.
https://www.wireshark.org/docs/man-pages/tshark.html
But I need to continue executing test steps for the UUT while the capture is active. I don't know the pattern for setting up parallel threads of execution in TestStand, so that's the real question - how to fork a sequence, and then terminate both forks.