That's essentially what I did with windump. I filtered on traffic originating from my box, with a destination other than my internal net. Since I use a proxy server, all legitimate web traffic goes there, which is internal, so there wasn't much going directly outside. I was able to watch the traffic I sent out. I've got that problem pretty much under control.
Could you not filter it to look for specific things like port 80 or winroute.cz? The only tool that I know that could filter as it's collecting would be something like Snort IDS where you can create your own ruleset and have it only detect those that match that pattern. All others it just ignores and let's pass.