Why would the kernel drop packets?

From the tcpdump's manual:

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

A bit of explanation:

tcpdump captures raw packets passing through a network interface. The packets have to be parsed and filtered according to the rules you specify on the command line, and that takes some time, so incoming packets have to be buffered (queued) for processing. Sometimes there are too many packets: they are saved to the buffer faster than they are processed, so eventually the buffer runs out of space and the kernel drops all further packets until there is some free space in the buffer.

You can increase the buffer size with the -B (--buffer-size) option like this:

tcpdump -B 4096 ....

Note that the size is specified in kilobytes, so the line above sets the buffer size to 4MB.


One more thing to consider/try is that tcpdump may be spending a lot of time doing DNS queries to resolve IPs to domain names. If you don't need those, try throwing in the -n (no lookups) flag. e.g.:

tcpdump -n port 80

According to man tcpdump:

packets dropped by kernel (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

The kernel puts captured packets in a fixed-size capture buffer. If tcpdump doesn't empty that buffer quickly enough, the kernel will begin overwriting old packets in the buffer and correspondingly incrementing the dropped counter. The value of that counter is what you see as "dropped by kernel".

By the way, you can resize the capture buffer: Pass tcpdump the -B option with a KiB size.
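The answers above all point at the same two knobs (-B for the capture buffer, -n to skip name lookups) and at the "packets dropped by kernel" summary line as the thing to watch. The following shell script is an added example, not code from any of the answers: it parses the three-line summary tcpdump prints to stderr at exit, computes the kernel-drop rate, and decides what -B value to use on the next run. The summary text embedded in it is a constructed sample, the drop-rate definition (dropped relative to "received by filter") is a rough indicator chosen for this example, and the "double the buffer when drops exceed a threshold" rule is an assumption of the example rather than anything tcpdump itself prescribes.

```shell
#!/bin/sh
# Added example (not from the original answers): measure how bad the kernel
# drops were for a finished capture, then decide whether to grow the buffer.
#
# tcpdump prints three summary lines to stderr when it exits.  The text below
# is a constructed sample of that summary; a real one would be collected with
#   tcpdump -n -B 4096 port 80 2>summary.txt
SAMPLE_SUMMARY='12345 packets captured
15000 packets received by filter
2655 packets dropped by kernel'

# drop_pct: read a tcpdump summary on stdin and print the kernel-drop
# percentage (integer, truncated) relative to "packets received by filter".
# This ratio is a rough indicator only; how the "received" counter is defined
# differs between operating systems.
drop_pct() {
    awk '
        /packets received by filter/ { recv = $1 }
        /packets dropped by kernel/  { drop = $1 }
        END {
            if (recv == 0) { print 0; exit }
            printf "%d\n", drop * 100 / recv
        }'
}

# next_buffer_kib CUR_KIB PCT THRESHOLD: print the -B value (in KiB, as tcpdump
# expects) for the next run.  If the drop rate is above THRESHOLD percent the
# buffer is doubled, otherwise it is kept.  Doubling is this example's own
# heuristic, not a tcpdump rule.
next_buffer_kib() {
    cur=$1; pct=$2; threshold=$3
    if [ "$pct" -gt "$threshold" ]; then
        echo $((cur * 2))
    else
        echo "$cur"
    fi
}

# Walk through the sample: measure the drop rate, then build the next command
# line, keeping -n so name lookups do not slow the consumer down.
pct=$(printf '%s\n' "$SAMPLE_SUMMARY" | drop_pct)
buf=$(next_buffer_kib 4096 "$pct" 1)
echo "kernel dropped ${pct}% of packets; next run: tcpdump -n -B ${buf} port 80"
```

The threshold of 1% is deliberately low: on a busy interface even a small drop rate means whole flows are missing from the capture, which is exactly the blind spot you do not want when the capture is the evidence. If the rate stays high after a couple of doublings, the bottleneck is usually the consumer rather than the buffer, and the remaining options are to make the filter tighter or to stop decoding on the fly.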
