It is now possible to capture payload data for the following protocols: TCP, UDP, ModbusTCP, USB.
Setting the flag works for both live and offlline capture, afterwards the raw payload bytes are stored in the Payload field of the audit records.
This can be enabled with the -payload flag:
$ net.capture -r traffic.pcap -payload
This works similar to offline capture:
$ net.capture -iface en0 -payload