in reply to Very fast reads from an external program
if you're not keen on writing your own, look into flow-tools and fprobe. fprobe uses libpcap (just like tcpdump) and exports netflow format files (just like the bigboy routers). you can then use flow-tools (and lots of other tools) to give reports and graphs.
if you stick with tcpdump you can set the snaplen to just catch and decode the ip layer info if you don't need the ports. you can also set the '-l' option to have it unbuffer its output (it may be buffering tons of lines and sending them to you in one big chunk making the whole pipe and swapping issue worse).
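An added example, not part of the post above: a reader that consumes `tcpdump -l` output one line at a time and counts packets per source/destination pair, accepting addresses with or without a port suffix. The line shape `IP src > dst: ...`, the interface name `eth0`, the snaplen of 34 (14-byte Ethernet header plus a 20-byte IPv4 header without options) and the sample lines are assumptions made for this sketch.

```python
import re
import subprocess
from collections import Counter

# Assumed line shape from `tcpdump -l -n -t -q ip`:
#   "IP src[.port] > dst[.port]: rest"
LINE_RE = re.compile(r"^IP (\S+) > (\S+): ")
# IPv4 dotted quad, optionally followed by ".port" as tcpdump prints it.
ADDR_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:\.\d+)?$")

# Constructed sample lines (not captured traffic).
SAMPLE = [
    "IP 10.0.0.1.51234 > 10.0.0.2.80: tcp 512",
    "IP 10.0.0.1.51235 > 10.0.0.2.443: tcp 0",
    "IP 10.0.0.2.53 > 10.0.0.3.40000: UDP, length 45",
    "IP 10.0.0.3 > 10.0.0.1: ICMP echo request, id 1, seq 1, length 64",
    "ARP, Request who-has 10.0.0.1 tell 10.0.0.3, length 28",
]

def host(token):
    """Return the IPv4 address from 'a.b.c.d' or 'a.b.c.d.port', else None."""
    m = ADDR_RE.match(token)
    return m.group(1) if m else None

def tally(lines):
    """Count packets per (src, dst) pair, skipping lines that do not parse."""
    pairs = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # non-IP output such as ARP
        src, dst = host(m.group(1)), host(m.group(2))
        if src and dst:
            pairs[(src, dst)] += 1
    return pairs

def live(iface="eth0", snaplen=34, count=1000):
    """Yield tcpdump lines as they arrive (needs capture privileges).

    -l line-buffers stdout so the pipe delivers lines promptly, -s limits
    the bytes kept per packet, -c stops after `count` packets.
    """
    cmd = ["tcpdump", "-l", "-n", "-t", "-q", "-c", str(count),
           "-s", str(snaplen), "-i", iface, "ip"]
    with subprocess.Popen(cmd, stdout=subprocess.PIPE, text=True, bufsize=1) as proc:
        yield from proc.stdout

if __name__ == "__main__":
    for (src, dst), n in tally(SAMPLE).most_common():
        print(f"{src} -> {dst}: {n}")
```

For a live capture, pass `live()` to `tally()` in place of `SAMPLE`.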