[Zeek] 「FOR HELP」The mirrored traffic is heavily lost.

[杨毅凌]

I mirrored the traffic between the core switch of our computer room and the public network firewall, but the zeek report contained a lot of packet loss (30%), and currently uses PFring for packet capture. I confirm that the hardware is fully capable of handling these packet。"Capture loss" and "dropped packets"  have alarms。At the same time, in the werid log, a large number of TCP_seq/ack_underflow_or_misorder logs are included.
So I want to know why there is such a high rate of packet loss, how to trace the cause, and how to solve it.I look forward to receiving your reply.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20191029/b75ed80c/attachment.html