Packets are being dropped during a PCAP import on Security Analytics
Last Updated October 04, 2017
A cooked-mode PCAP contains UDP packets that cannot be imported into Security Analytics; the packets are dropped.
Cooked mode is an old Linux-specific capture mode in which the link-level headers aren't included in the PCAP file. Security Analytics currently relies on the link-level headers, and there normally isn't a good reason to expect them to be missing.
Details about Linux cooked-mode capture can be found here.
This is working as designed.
Imported Document ID: 000032451