trace with netsh

netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=<ip> tracefile=<filepath>\<filename>.etl 

You have to load the .etl file into “Microsoft Network Monitor” and export it as a .cap file.

On the website http://www.tech-wiki.net/index.php?title=How_to_capture_traffic_with_no_Wireshark_using_netsh I found the following PowerShell code to convert it:

$s = New-PefTraceSession -Path "C:\temp\OutFile.Cap" -SaveOnStop
$s | Add-PefMessageProvider -Provider "C:\temp\capture.etl"
$s | Start-PefTraceSession

Capture UDP traffic (IP protocol 17):

netsh trace start capture=yes protocol=17

You can make it persistent, e.g. if you want to capture the boot:

netsh trace start persistent=yes capture=yes tracefile=c:\trace.log

To stop the trace, enter:

netsh trace stop

Capture ICMP traffic:

netsh trace start capture=yes protocol=1 tracefile=c:\temp\trace.etl fileMode=single maxSize=500
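
The steps above (start a filtered capture, stop it, convert the .etl) combined into one time-limited run. This is an added example, not code from the linked pages. The function name, parameter names, default paths and the 30-second duration are assumptions, and the conversion step runs only if the PEF cmdlets shown earlier are installed.

```powershell
# Added example: time-limited netsh capture that is always stopped, then converted.
# Function name, parameters, paths and duration are assumptions for illustration.
function Invoke-BoundedNetshTrace {
    param(
        [string]$EtlPath = 'C:\temp\trace.etl',
        [string]$CapPath = 'C:\temp\OutFile.cap',
        [int]$Protocol   = 1,     # IP protocol number: 1 = ICMP, 17 = UDP
        [int]$Seconds    = 30,    # how long to capture
        [int]$MaxSizeMB  = 500
    )

    # netsh trace requires elevation; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    netsh trace start capture=yes protocol=$Protocol tracefile=$EtlPath fileMode=single maxSize=$MaxSizeMB
    if ($LASTEXITCODE -ne 0) { throw "netsh trace start failed (exit code $LASTEXITCODE)." }

    try {
        Start-Sleep -Seconds $Seconds
    }
    finally {
        # Stop even if the wait is interrupted, so no capture keeps running unattended.
        netsh trace stop
    }

    if (-not (Test-Path -LiteralPath $EtlPath)) { throw "No trace file found at $EtlPath." }

    # Convert with the PEF cmdlets only when they are available on this machine.
    if (Get-Command New-PefTraceSession -ErrorAction SilentlyContinue) {
        $s = New-PefTraceSession -Path $CapPath -SaveOnStop
        $s | Add-PefMessageProvider -Provider $EtlPath
        $s | Start-PefTraceSession
    }
    else {
        Write-Warning 'PEF cmdlets not found; load the .etl into Microsoft Network Monitor and export it instead.'
    }

    Get-Item -LiteralPath $EtlPath   # return the trace file for inspection
}

# Example call: Invoke-BoundedNetshTrace -Protocol 17 -Seconds 60
```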

More information: https://www.computertechblog.com/capture-network-traffic-with-netsh-trace-windows-command/



Authors:
  • Jochen Schnuerle