Under Monitor > Traffic, packet captures are randomly being generated for applications identified as unknown-tcp or insufficient-data.
For unknown traffic and some apps that get detected with heuristics in unknown decoders, there is a capture done automatically by default. A packet capture is not generated for every item because the number of captures are limited to protect system performance.