Disclose known limitations of embedded pcap analyzers

Using #19 as an example, as of the moment of its closure, both Zeek and Brimcap have support for this cooked/SLL link layer protocol but Suricata still doesn't. We can't be responsible for every downstream limitation of the pcap analyzers we embed with Brimcap, but to the degree that we're aware of ones that have impacted our users in the past and hence are likely to come up again in the future, I could start to list them in the [Troubleshooting](https://github.com/brimdata/brimcap/wiki/Troubleshooting) article. I'd probably want to link to the article from places like the [build-zeek README](https://github.com/brimdata/build-zeek).

Also worthy of note:
* https://github.com/zeek/zeek/issues/3534 (see also: https://github.com/brimdata/build-zeek/issues/5)
* https://github.com/zeek/zeek/issues/3590 (see also: https://github.com/brimdata/zeek/issues/40)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Disclose known limitations of embedded pcap analyzers #337

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Disclose known limitations of embedded pcap analyzers #337

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions