sniffing traffic

hi
suppose i get a meterpreter sessions or a shell
using a reverse_tcp payload .
and i DON' t want to use ettercap and make a arp poisonning to the network
to sniff the traffic(man in the middle)
their is any software that i can download to the target pc (xp,vista...)
to sniff all the traffic passing throught his interface and store them to a .cap file in the target machine
then i will later download them??
i mean a software that can be launched from the command prompt (like nc,pexe...)
only for education purpose.
thanks.

tcpdump should fit the requirement.

agreed. I have used tcpdump in the past. Its cli, and its a small download

and a third vote for tcpdump (the windows version)!