Packets are being dropped during a PCAP import on Security Analytics

Article ID: 169216

Products

Security Analytics

Issue/Introduction

A PCAP captured in Linux cooked mode contains UDP packets that cannot be imported into Security Analytics. The packets are dropped.

Cause

Cooked mode is an old Linux-specific capture mode in which the link-level headers aren't included in the PCAP file. Security Analytics currently relies on the link-level headers, and there isn't normally a good reason to expect them to be missing.

Details about Linux cooked-mode capture can be found here.
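
To confirm before an import that a capture was taken in cooked mode, the link type in the PCAP global header can be checked. The following is an added example, not part of the original article or the product: it assumes a classic pcap file (not pcapng), uses the link-type values 113 (LINUX_SLL) and 276 (LINUX_SLL2) from the tcpdump.org registry, and the function names and sample headers are constructed for illustration.

```python
import struct
import sys

# Link-layer header types from the tcpdump.org LINKTYPE registry.
COOKED = {113: "LINUX_SLL", 276: "LINUX_SLL2"}  # Linux cooked capture v1 / v2

# Classic pcap magic numbers as they appear on disk, mapped to struct byte order.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"


def pcap_linktype(header: bytes) -> int:
    """Return the link type stored in a 24-byte classic pcap global header."""
    if header[:4] == PCAPNG_MAGIC:
        raise ValueError("pcapng: link type is per interface, not in a global header")
    order = MAGICS.get(header[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    # The 'network' field is the last 4 bytes; its low 16 bits are the link type.
    (network,) = struct.unpack(order + "I", header[20:24])
    return network & 0xFFFF


def import_verdict(header: bytes) -> str:
    """Say whether the capture is cooked mode, i.e. lacks real link-level headers."""
    linktype = pcap_linktype(header)
    if linktype in COOKED:
        return f"cooked ({COOKED[linktype]}, linktype {linktype})"
    return f"not cooked (linktype {linktype})"


def make_header(order: str, linktype: int) -> bytes:
    """Build a constructed global header: magic, v2.4, zone, sigfigs, snaplen, network."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, linktype)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real file passed on the command line
        with open(sys.argv[1], "rb") as fh:
            print(import_verdict(fh.read(24)))
    else:  # no file given: run against constructed sample headers
        for lt in (113, 1):
            print(import_verdict(make_header("<", lt)))
```

A capture reported as cooked is one whose packets this article describes as being dropped on import.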

 

Resolution

This is working as designed.