The PT NAD sensor uses one of the two traffic capture tools: DPDK or AF_PACKET.
DPDK is used in the standard PT NAD configuration. It is a recommended traffic capture tool. DPDK is an Intel library that provides the most effective way to capture traffic in Linux. Traffic analysis without loss at a rate of dozens of gigabits per second is achieved through the efficient usage of available hardware resources. In particular, DPDK does not use operating system drivers to manage network interfaces, and it distributes traffic during processing to any number of available processor cores. For guaranteed operation of the tool at a capture rate above 1 Gbps, use a network card of the recommended manufacturer.
AF_PACKET is a backup tool for traffic capture. Use it only if the sensor is not started with DPDK. AF_PACKET ensures traffic processing speed up to 1 Gbps and may cause problems with analysis of some traffic classes.
Unlike DPDK, in the sensor configuration for AF_PACKET, you configure the total number of processor cores for capturing and processing traffic.