You can use it to filter (i.e. limit) the number of "hashes" by generating a .hccapx file that only contains "hashes" involving only a very specific network name (ESSID). That means, if you know the network that needs to be cracked, the file you generate only contains this limited/reduced number of "hashes".
Of course this depends a lot on how the original capture file (.cap) was generated and how many networks the network interface captured.
Consider the special cases when the capture contains only handshakes involving a single network name (ESSID), the number of hccapx items ("hashes" and also the file size) will be exactly the same.
That means that whenever you are trying to attack only a very specific network (with a very specific ESSID) it makes sense to use the cap2hccapx ESSID filter because it will remove all the other networks that you are not trying to crack.
Of course this depends a lot on how the original capture file (.cap) was generated and how many networks the network interface captured.
Consider the special cases when the capture contains only handshakes involving a single network name (ESSID), the number of hccapx items ("hashes" and also the file size) will be exactly the same.
That means that whenever you are trying to attack only a very specific network (with a very specific ESSID) it makes sense to use the cap2hccapx ESSID filter because it will remove all the other networks that you are not trying to crack.