Suricata should work fine on “dummy” devices in Linux, and similar bridge type interfaces.
Are all the packets being forwarded? Everything look OK in tcpdump? Maybe there will be some hints in the stats records.
1 Like