在你的流量,我会声称libpcap应该没有丢弃数据包的麻烦,除非你有一个特别低效的设置.如果您使用tcpdump进行捕获,它将报告其最终输出行中丢弃的数据包的数量.如果您看到丢弃的数据包,您可能希望通过提供 the -B option来设置一个远高于默认值2 MB的值来增加tcpdump的缓冲区大小.

不过,您可能想看看PF_RING：

Who needs PF_RING™?

Basically everyone who has to handle many packets per second. The term
‘many’ changes according to the hardware you use for traffic analysis.
It can range from 80k pkt/sec on a 1,2GHz ARM to 14M pkt/sec and above
on a low-end 2,5GHz Xeon. PF_RING™ not only enables you to capture
packets faster,it also captures packets more efficiently preserving
cpu cycles. Just to give you some figures you can see how fast nProbe,
a NetFlow v5/v9 probe,can go using PF_RING™,or have a look at the
tables below.

10 Gigabit tests performed on a Core2Duo 1.86 GHz and a low-end Xeon
2,5 Ghz

ixgbe 
            Application                                 Rate 
pfcount (RX,with PF_RING™ DNA)        11 Mpps (Core2Duo),14.8 Mpps (Xeon) 
pfsend (TX,with PF_RING™ DNA)         11 Mpps (Core2Duo),14.8 Mpps (Xeon)

PF_RING user guide解释了如果您坚持使用libpcap应用程序进行数据包捕获,如何编译和配置启用PF_RING的libpcap库.