FWIW, there is a golang tcpdump clone here:
I have made (and use) a thin docker image which installs it. You can install it for use with CoreOS with:
docker run --rm -v /opt/bin:/target ulexus/install-tcpdump
This allows you to execute tcpdump from the host, directly. Note that it's not a perfect clone, and the syntax is slightly quirky, but it produces perfectly fine captures either in ascii or in pcap (for Wireshark). Specifically, it requires explicit `-i` (capture interface) and `-s` (maximum packet size) parameters, as well as enclosing the tcpdump filter in quotes. If feeding to wireshark directly from stdin, you'll need to strip the first line beginning with `tcpdump`. I run remote captures with a script like:
```
#!/bin/bash
ssh $CAPTURE_HOST sudo tcpdump -i eth0 -s 16550 -w - \'$*\' |grep -v ^tcpdump |wireshark -k -i -
```