Also, just as a side note: in reality, tcpdump will ONLY really show you if traffic leaves the specific interface you are filtering for, but fw monitor will show you way more than that, so maybe run something like this:
fw monitor -e "accept host(x.x.x.x) and port(21);"
Where x.x.x.x is your FTP server IP address.
You can also do the below:
fw monitor -F 'x,x,x,x,x' -F 'y,y,y,y,y'
x,x,x,x,x = source IP, source port, dst IP, dst port, protocol
y,y,y,y,y = source IP, source port, dst IP, dst port, protocol (just traffic flowing the other way around)
Hope that helps.