In the first case it is normal ssh session with pseudo-terminal.
If you want just the data (without terminal control characters and stuff like that), you should try ssh
with -T
switch.
The other solution how to achieve the same behaviour is to put no-pty
next to the command in authorized_keys
file (thanks @mykel):
command="sudo tcpdump -n -i eth0 -s 65535 -w -",no-pty ssh-rsa AAAAB3NzaC....