Disable the software flow offloading under firewall if it is not already disabled and install ethtool and check if Generic Receive Offload and Large receive offload is disabled. I had the problem that only LRO was disabled with software flow offloading but I had to disable GRO with ethtool (ethtool -K eth0(1) gro off) and add it to rc.local. What could also help is to change the fanout_type from hash to cpu and maybe create multiple snort streams with the -z (x) parameter in the start line which costs more memory but divides the bandwidth better. But honestly I don't give you much hope because I have an Apu2 device here and that is already pretty busy with Snort a Raspi might be too weak.