Hacker News
by warmwaffles 4132 days ago
What does this offer that tcpdump doesn't?

1) Performance. Zero copy ("The kernel writes them from the NIC to shared memory, then the kernel uses that same shared memory for O_DIRECT writes to disk. The packets transit the bus twice and are never copied from RAM to RAM."). Parallelism.

2) Disk management. Rotates old data, etc.

3) Indexing, which supports efficient retrieval while writing.

It allows you to analyse the traffic after the fact, at 10Gbps line speed.
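As an added illustration of point 3 above (example code written for this page, not code from stenographer or from anyone in the thread), here is a small Python sketch of the idea: an append-only pcap buffer that updates an inverted index of record offsets as each packet lands, so a "host X and port Y" lookup can run against a capture that is still being written, without scanning it. The pcap bytes, addresses and ports are constructed inline; the (kind, value) query terms only loosely mimic the host/port/proto shape of a capture query, and the index layout is not the real tool's.

```python
import socket
import struct
from collections import defaultdict

ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800
TCP, UDP = 6, 17
# Classic pcap global header: magic, v2.4, tz 0, sigfigs 0, snaplen 65535, LINKTYPE_ETHERNET
PCAP_GLOBAL_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def build_ipv4_frame(src_ip, dst_ip, proto, sport, dport, payload=b"payload!"):
    """Constructed Ethernet/IPv4 frame with a 4-byte L4 stub (just the two ports)."""
    eth = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    total_len = 20 + 4 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + struct.pack("!HH", sport, dport) + payload


class IndexedCapture:
    """Append-only pcap buffer plus an inverted index of record offsets (toy, in memory)."""

    def __init__(self):
        self.data = bytearray(PCAP_GLOBAL_HDR)
        self.index = defaultdict(set)   # (kind, value) -> {record offsets}

    def append(self, frame, ts_sec=0):
        """Write one pcap record and index it before returning its file offset."""
        off = len(self.data)
        self.data += struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame
        self._index(frame, off)
        return off

    def _index(self, frame, off):
        if len(frame) < ETH_LEN + 20 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            return                                  # non-IPv4: stored but not indexed
        ihl = (frame[ETH_LEN] & 0x0F) * 4
        proto = frame[ETH_LEN + 9]
        src = socket.inet_ntoa(frame[ETH_LEN + 12:ETH_LEN + 16])
        dst = socket.inet_ntoa(frame[ETH_LEN + 16:ETH_LEN + 20])
        for key in (("host", src), ("host", dst), ("proto", proto)):
            self.index[key].add(off)
        l4 = ETH_LEN + ihl
        if proto in (TCP, UDP) and len(frame) >= l4 + 4:
            sport, dport = struct.unpack_from("!HH", frame, l4)
            self.index[("port", sport)].add(off)
            self.index[("port", dport)].add(off)

    def query(self, *terms):
        """AND-query: intersect the offset sets of every (kind, value) term."""
        hits = [self.index.get(t, set()) for t in terms]
        return sorted(set.intersection(*hits)) if hits else []

    def packet_at(self, off):
        """Random access by offset: read one record's frame bytes without a scan."""
        incl_len = struct.unpack_from("<I", self.data, off + 8)[0]
        return bytes(self.data[off + 16:off + 16 + incl_len])


def summarize(frame):
    """(src, dst, proto, sport, dport) for an IPv4 TCP/UDP frame; used to check retrieval."""
    ihl = (frame[ETH_LEN] & 0x0F) * 4
    src = socket.inet_ntoa(frame[ETH_LEN + 12:ETH_LEN + 16])
    dst = socket.inet_ntoa(frame[ETH_LEN + 16:ETH_LEN + 20])
    sport, dport = struct.unpack_from("!HH", frame, ETH_LEN + ihl)
    return src, dst, frame[ETH_LEN + 9], sport, dport


def sample_capture():
    """Four constructed packets; the index is updated as each one is appended."""
    cap = IndexedCapture()
    cap.append(build_ipv4_frame("10.0.0.1", "10.0.0.2", TCP, 40000, 443), 1)
    cap.append(build_ipv4_frame("10.0.0.3", "10.0.0.2", UDP, 5353, 53), 2)
    cap.append(build_ipv4_frame("10.0.0.1", "10.0.0.4", TCP, 40001, 80), 3)
    cap.append(build_ipv4_frame("10.0.0.2", "10.0.0.1", TCP, 443, 40000), 4)
    return cap


if __name__ == "__main__":
    cap = sample_capture()
    # Both directions of the 10.0.0.1 <-> :443 conversation, found by index lookup only.
    for off in cap.query(("host", "10.0.0.1"), ("port", 443)):
        print(off, summarize(cap.packet_at(off)))
```

The toy keeps everything in memory, but the property it shows is the one that matters for retrieval during capture: every record updates the index before the next one is appended, so a lookup intersects a few small sets and then seeks to the matching offsets rather than reading the whole file.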

You can get zero-copy for tcpdump with PF_RING or netmap.
I'm aware of libpcap's ability to share memory with a user buffer, but I didn't find any mention that the tcpdump utility is actually written to exploit it for extra fast writes.

Look here at how they handle this in stenographer: https://github.com/google/stenographer/blob/65fb928e6bce276c...

I guess that in principle they could have patched tcpdump, but it's probably easier to have a smaller piece of software written to do exactly what you want rather than extend a general-purpose, mature, complex tool such as tcpdump.