You can do this with any capture device if you pipe the output to a FIFO handle and open it in wireshark. It can be a bit janky and you’re usually better off using the GUI configs when they’re available. But it gives you a bunch of flexibility to do things like “capture tcpdump in a docker exec in an SSH session on a remote host” [0].
Not creating a capture and then downloading it, actual real time network captures.