The -D flag makes SSH acting as a SOCKS (4,5) proxy server, which simply is a SSH tunnel in which specific applications forward the traffic through the tunnel to the remote server. Unlike local port forwarding, dynamic port forwarding can handle connections from multiple ports.