[/tmp]# /usr/bin/time tcpdump -c 25000 -i eth2 -n -w /dev/null
tcpdump: listening on eth2
26277 packets received by filter
1270 packets dropped by kernel
0.04user 0.25system 0:03.88elapsed 7%CPU (0avgtext+0avgdata 0maxresident)k
0inputs+0outputs (189major+123minor)pagefaults 0swaps
[/tmp]# /usr/bin/time tcpdump -c 25000 -i eth3 -n -w /dev/null
tcpdump: listening on eth3
25188 packets received by filter
184 packets dropped by kernel
From this it appears that just using tcpdump, you're already dropping a
lot of packets - and given 4 seconds elapsed time, this is happening at a
pretty modest load, about 6Kpps, even when you're not capturing full packets.
That all boils down to this certainly looking like a problem with the
packet filter itself rather than Bro.
Vern