Background
I bought a used aggregating TAP (a Network Instruments Aggregator nTAP with a 512MB buffer) and set it up between my cable modem and my router. I've got a dual-interface motherboard on my desktop (the machine running wireshark): one is an Intel I218-V and the other is an Intel I211. The latter is connected to one of the TAP's two "analyzer" ports. The OS on the desktop is Linux. The driver for the I211 interface (labeled enp8s0 by the OS) is the igb module.
Problem
I put the capturing interface into promiscuous mode and recorded a file being uploaded via HTTP to a remote server. TCP segment length varies widely, sometimes going above 8KiB, with ACKs that don't correspond to sequence numbers. I understand that segment lengths well in excess of standard MTU are often an issue with misconfigured ethernet interfaces on desktops/laptops.
If this is, in fact, the problem, where can I go to find more information on how to configure the interface to act as a simple drain for the aggregating TAP which will act as little more than a recording device for Wireshark?