Thursday 7 August 2008

Snort progress

One of my tasks now is identifying P2P activity from the tcpdump data collected, using Snort. But somehow there is a problem where I couldn't get all the alerts from the total data. After rerunning, retrying and all the re-stuff, I managed to discover that on every occasion Snort actually ignores the discarded frames. That's why the delivered output is not the one expected. Of course we discard the frames during the capturing process, because of the limited storage space. However, I need to find out how to deal with this Snort feature.
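Before deciding how to handle this, it helps to measure how many frames in a capture were actually shortened. The script below is an added example, not code from the original post or from the Snort project; it assumes that the "discarded frames" are packets tcpdump cut down to the capture snaplen to save storage (pcap records whose captured length is smaller than their original length). It parses the classic libpcap file format directly, so it runs offline with no third-party library, and the sample capture it checks is constructed inline.

```python
import struct
from typing import Dict, Iterator, List, NamedTuple, Tuple

# Classic libpcap file magic, as read with little-endian unpacking.
MAGIC_LE = 0xA1B2C3D4   # file written little-endian
MAGIC_BE = 0xD4C3B2A1   # file written big-endian (bytes appear swapped)


class Frame(NamedTuple):
    index: int
    captured_len: int   # bytes actually stored in the file (incl_len)
    original_len: int   # bytes seen on the wire (orig_len)

    @property
    def truncated(self) -> bool:
        # tcpdump's -s snaplen shortens long packets; the headers keep both lengths.
        return self.captured_len < self.original_len


def _endian(data: bytes) -> str:
    magic = struct.unpack("<I", data[:4])[0]
    if magic == MAGIC_LE:
        return "<"
    if magic == MAGIC_BE:
        return ">"
    raise ValueError("unsupported pcap magic 0x%08x (pcapng is not handled here)" % magic)


def read_snaplen(data: bytes) -> int:
    """Return the snaplen recorded in the 24-byte global header."""
    if len(data) < 24:
        raise ValueError("not a pcap file: global header missing")
    return struct.unpack(_endian(data) + "I", data[16:20])[0]


def iter_frames(data: bytes) -> Iterator[Frame]:
    """Walk every 16-byte record header and yield its length fields."""
    endian = _endian(data)
    offset, index = 24, 0
    while offset + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            break  # last record partially written (capture killed mid-write)
        yield Frame(index, incl_len, orig_len)
        offset += incl_len
        index += 1


def truncation_report(data: bytes) -> Dict[str, int]:
    """Summarise how much of a capture Snort may skip because of truncation."""
    frames: List[Frame] = list(iter_frames(data))
    truncated = [f for f in frames if f.truncated]
    return {
        "snaplen": read_snaplen(data),
        "total": len(frames),
        "truncated": len(truncated),
        "largest_original": max((f.original_len for f in frames), default=0),
    }


def build_pcap(snaplen: int, frames: List[Tuple[bytes, int]]) -> bytes:
    """Constructed test data: a little-endian pcap (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", MAGIC_LE, 2, 4, 0, 0, snaplen, 1)
    for ts, (payload, orig_len) in enumerate(frames, start=1):
        out += struct.pack("<IIII", ts, 0, len(payload), orig_len) + payload
    return out


# Constructed sample capture taken with a 96-byte snaplen: two small frames
# survive whole, two larger ones were cut down to 96 bytes.
SAMPLE_PCAP = build_pcap(96, [
    (b"\x00" * 60, 60),      # full ARP-sized frame
    (b"\x11" * 96, 1514),    # full-size TCP segment, truncated
    (b"\x22" * 96, 512),     # mid-size UDP datagram, truncated
    (b"\x33" * 40, 40),      # full small frame
])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for key, value in truncation_report(data).items():
        print("%-17s %d" % (key, value))
```

Run it with a capture file as the first argument, or with no argument to see the constructed sample. If the truncated count is a large share of the total, the alert shortfall is explained by the capture settings rather than by Snort's rules, and the fix belongs at capture time (a larger snaplen for the traffic classes you care about) rather than in the Snort configuration.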