tcpdump is a wrapper for RAW sockets and eBPF. You can use WinPcap, but it's not possible to use something like fanout (which makes a multithreaded tcpdump possible on Linux), and you can't use the "any" interface (it's a Linux-specific layer). The worst thing is that you can't trace your kernel IP/TCP info, like sk_buff tracing in Linux.