Security analytics allows you to download raw PCAP files from traffic captured on the system.  On occasion, the PCAP file that is downloaded may be empty or may be 0 bytes in size.

This can be caused by several different issues.

• The timespan selected doesn't contain any pcap data
• The filter specified is to narrow and doesn't meet the criteria of any packets
• An error was triggered 
• You are attempting to download the pcap during a log rotation, which may kill the http session (usually indicative of attempting to download again and succeeding)
  • This bug is alleviated in SA version 8.2.4 or greater

If you do encounter a 0-byte pcap file, take a look at the /var/log/messages file and look for any errors that would indicate why the file is empty and be ready to share those results with technical support.