Help with Bridge
I am new to Wireshark. I am working with the idea of capturing both Tx and Rx streams simultaneously using a passive TAP and Kali. I have read that 2 NICs are required and can be bridged (Br). Everything works, I am capturing packets.

I wanted to verify that I am capturing all packets by running the 2 NICs and the bridge at the same time with 3 instances of Wireshark. The 3 output files (pcapng) were exported and merged into a CSV file. The entries are sorted by timestamp. I would expect that for every Br (bridged) entry there would be a corresponding Tx or Rx entry, and that every Tx and Rx entry would have a corresponding Br. I don't have that result. I have some Tx and Rx without a corresponding Br. Every Br that I have seen in the file has a corresponding Rx or Tx, but not the other way around. Basically, I see that the bridge is not seeing (or recording) all the Tx and Rx packets.

Would someone know if this is normal behavior? Obviously this isn't the way one would normally capture streams. I suspect my computer may not be able to process this much streaming data at the same time.

i5-6500T 2.5GHz CPU, 32GB memory. Computer is dedicated to Kali only, connected to internet only when necessary.

I hope this isn't too confusing.
Why create a bridge interface when you can just capture on both Ethernet interfaces at once?