I ran into this exception when trying to read a valid pcap file. I can read the file with tcpdump -r.
I verified that this is a valid pcap file (d4 c3 b2 a1 header), but I am still getting this exception. I noticed that the linktype mentioned by tcpdump is linktypeRaw, and I guess packetbeat can't read this link type. Is there any workaround for this situation?
Edit: New problem: The problem was that L2 traffic was missing in the pcap file. We edited the packets and created a new file, and now packetbeat does read the file, but it omits L7 of the packet (it doesn't send any SSL values to elasticsearch, only L4 and below).
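
An added example (not part of the original post, and not packetbeat code) of one way to add the missing L2 layer described in the edit: it reads the link type from the pcap global header and rewrites a raw-IP capture as an Ethernet one. It assumes the little-endian, microsecond-resolution format with the d4 c3 b2 a1 magic; the MAC addresses and the sample capture are constructed placeholders.

```python
import struct

PCAP_MAGIC_LE = bytes.fromhex("d4c3b2a1")   # magic bytes quoted in the post
LINKTYPE_ETHERNET, LINKTYPE_RAW = 1, 101    # values from the tcpdump.org link-type registry
ETHERTYPE = {4: 0x0800, 6: 0x86DD}          # IP version nibble -> EtherType
# Constructed placeholder MACs (locally administered), not taken from any capture.
DST_MAC, SRC_MAC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")

def read_linktype(pcap: bytes) -> int:
    """Return the link-layer type stored at offset 20 of the 24-byte global header."""
    if len(pcap) < 24 or pcap[:4] != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian microsecond pcap file")
    return struct.unpack_from("<I", pcap, 20)[0]

def raw_to_ethernet(pcap: bytes) -> bytes:
    """Prepend a synthetic 14-byte Ethernet header to every raw-IP packet."""
    if read_linktype(pcap) != LINKTYPE_RAW:
        raise ValueError("capture is not LINKTYPE_RAW")
    major, minor, zone, sigfigs, snaplen, _ = struct.unpack_from("<HHiIII", pcap, 4)
    out = bytearray(PCAP_MAGIC_LE)
    out += struct.pack("<HHiIII", major, minor, zone, sigfigs, snaplen + 14, LINKTYPE_ETHERNET)
    pos = 24
    while pos < len(pcap):
        if len(pcap) - pos < 16:
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from("<IIII", pcap, pos)
        data = pcap[pos + 16 : pos + 16 + incl_len]
        if len(data) != incl_len or not data:
            raise ValueError("truncated or empty packet record")
        ethertype = ETHERTYPE.get(data[0] >> 4)  # first nibble of an IP header is the version
        if ethertype is None:
            raise ValueError("packet is neither IPv4 nor IPv6")
        frame = DST_MAC + SRC_MAC + struct.pack(">H", ethertype) + data
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), orig_len + 14)
        out += frame
        pos += 16 + incl_len
    return bytes(out)

def sample_raw_pcap() -> bytes:
    """Constructed sample: one 20-byte IPv4 header with zeroed fields, LINKTYPE_RAW."""
    packet = b"\x45" + bytes(19)
    header = PCAP_MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, LINKTYPE_RAW)
    record = struct.pack("<IIII", 1, 2, len(packet), len(packet)) + packet
    return header + record

if __name__ == "__main__":
    converted = raw_to_ethernet(sample_raw_pcap())
    print("link type before/after:", read_linktype(sample_raw_pcap()), read_linktype(converted))
```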