Cooked PCAP contains UDP packets that are unable to be imported into Security Analytics. The packets are dropped.


 

Cooked mode is an old Linux-specific capture mode in which the link-level headers aren't included in the PCAP file.  Security Analytics currently relies on the link-level headers, and there isn't normally a good reason to expect that they're not there.



Details about Linux cooked-mode capture can be found here.

 

This is working as designed.