Is it realistic to run network traffic capture tools in Docker?

I maintain the docker Bro IDS image and I mostly use it to analyze PCAP, but I want to transition to using it to capture traffic live off the wire.

Is there anything I need to do to maximize Docker’s performance with respect to not dropping any packets on the floor?

Much thanks for any help and insight into high performance networking in Docker.