Cooked PCAP contains UDP packets that are unable to be imported into Security Analytics. The packets are dropped.
Cooked mode is an old Linux-specific capture mode in which the link-level headers aren't included in the PCAP file. Security Analytics currently relies on the link-level headers, and there isn't normally a good reason to expect that they're not there.
Details about Linux cooked-mode capture can be found here.
This is working as designed.
Imported Document ID: 000032451
Subscribing will provide email updates when this Article is updated. Login is required.