brimdata / zeek

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
https://www.zeek.org

Zeek on Linux can't process pcapng file #17

Closed philrz closed 4 years ago

philrz commented 4 years ago

This problem seems to be unique to Linux, as I've tested with this same pcapng file on both macOS and Windows many times without complaint. Repro'ed via:

1. Create a scratch Linux VM in Google Cloud running Ubuntu 18.04 LTS
2. Download and unpack the Zeek v3.0.2-brim2 release artifact
3. Unpack hello.pcap.zip and attempt to process it with Zeek

```
# zeek/zeek -C -r hello.pcapng
fatal error: problem with trace file hello.pcapng (invalid interface capture length 524288, bigger than maximum of 262144)
```
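The error comes from the snaplen field of the pcapng Interface Description Block, not from any packet: the capture declares a 524288-byte snaplen and the libpcap linked into that Zeek build refuses anything above 262144. The following is an added example, not code from Zeek, Brim or libpcap, that parses just enough of the pcapng container to report each interface's declared snaplen, flags the ones an old libpcap would reject, and optionally rewrites them down to the limit so the file can be fed to such a build. The sample capture is constructed inline (one SHB, one IDB, optional packet blocks, no options), the 262144 limit is the figure quoted in the error above, and the refusal to clamp when a packet is longer than the limit is this example's own conservative choice, on the assumption that the same libpcap also checks the limit per packet.

```python
import struct

# pcapng block types and constants (from the pcapng specification)
SHB_TYPE = 0x0A0D0D0A            # Section Header Block
IDB_TYPE = 0x00000001            # Interface Description Block
EPB_TYPE = 0x00000006            # Enhanced Packet Block
BYTE_ORDER_MAGIC = 0x1A2B3C4D
# Limit quoted in the Zeek error message above
OLD_LIBPCAP_MAX_SNAPLEN = 262144


def _block(btype, body, endian):
    """Wrap a block body with the pcapng header and trailer (total length appears twice)."""
    total = 12 + len(body)
    return struct.pack(endian + "II", btype, total) + body + struct.pack(endian + "I", total)


def build_pcapng(snaplen, packets=(), linktype=1, endian="<"):
    """Constructed test data: a minimal option-free pcapng with one SHB, one IDB and
    zero or more EPBs carrying the given payloads (interface 0, zero timestamps)."""
    shb = _block(SHB_TYPE, struct.pack(endian + "IHHq", BYTE_ORDER_MAGIC, 1, 0, -1), endian)
    idb = _block(IDB_TYPE, struct.pack(endian + "HHI", linktype, 0, snaplen), endian)
    epbs = b""
    for payload in packets:
        padded = payload + b"\x00" * (-len(payload) % 4)   # block bodies are 32-bit aligned
        hdr = struct.pack(endian + "IIIII", 0, 0, 0, len(payload), len(payload))
        epbs += _block(EPB_TYPE, hdr + padded, endian)
    return shb + idb + epbs


def iter_blocks(data):
    """Yield (offset, type, endian, body) for each block; endianness comes from each SHB."""
    endian = "<"
    off = 0
    while off + 12 <= len(data):
        # 0x0A0D0D0A reads the same in either byte order, so it can be spotted before
        # the section's endianness is known; the magic that follows decides it
        if struct.unpack_from("<I", data, off)[0] == SHB_TYPE:
            magic = struct.unpack_from("<I", data, off + 8)[0]
            endian = "<" if magic == BYTE_ORDER_MAGIC else ">"
        btype, total = struct.unpack_from(endian + "II", data, off)
        if total < 12 or total % 4 or off + total > len(data):
            raise ValueError(f"corrupt block length {total} at offset {off}")
        if struct.unpack_from(endian + "I", data, off + total - 4)[0] != total:
            raise ValueError(f"block trailer mismatch at offset {off}")
        yield off, btype, endian, data[off + 8:off + total - 4]
        off += total


def interface_snaplens(data):
    """Return [(linktype, snaplen), ...] in interface-ID order."""
    result = []
    for _, btype, endian, body in iter_blocks(data):
        if btype == IDB_TYPE:
            linktype, _reserved, snaplen = struct.unpack_from(endian + "HHI", body)
            result.append((linktype, snaplen))
    return result


def oversized_interfaces(data, limit=OLD_LIBPCAP_MAX_SNAPLEN):
    """Interfaces whose declared snaplen exceeds `limit`, as [(interface_id, snaplen)]."""
    return [(i, s) for i, (_, s) in enumerate(interface_snaplens(data)) if s > limit]


def max_captured_length(data):
    """Largest caplen among Enhanced Packet Blocks (0 if there are none)."""
    return max((struct.unpack_from(e + "IIIII", body)[3]
                for _, t, e, body in iter_blocks(data) if t == EPB_TYPE), default=0)


def clamp_snaplens(data, limit=OLD_LIBPCAP_MAX_SNAPLEN):
    """Rewrite every IDB snaplen above `limit` down to `limit`. Refuses when a packet is
    longer than `limit`, since a per-packet length check would then fail instead."""
    if max_captured_length(data) > limit:
        raise ValueError("a packet exceeds the limit; clamping the snaplen would not help")
    out = bytearray(data)
    for off, btype, endian, _ in iter_blocks(data):
        if btype == IDB_TYPE:
            snap_off = off + 8 + 4      # body at +8; linktype(2) + reserved(2) precede snaplen
            if struct.unpack_from(endian + "I", out, snap_off)[0] > limit:
                struct.pack_into(endian + "I", out, snap_off, limit)
    return bytes(out)


if __name__ == "__main__":
    sample = build_pcapng(524288, packets=[b"\x00" * 60])
    print("declared snaplens:", interface_snaplens(sample))
    print("rejected by old libpcap:", oversized_interfaces(sample))
    print("after clamping:", interface_snaplens(clamp_snaplens(sample)))
```

Run `interface_snaplens` over a real file (`open(path, "rb").read()`) before feeding it to an older Zeek build; a single interface declaring 524288 reproduces exactly the message above, while the packets themselves are usually far shorter, which is why clamping the IDB is enough to get past the check. The rewrite changes only the declared cap, so it is safe to keep a copy of the original for tools that accept it as-is.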
alfred-landrum commented 4 years ago

Though it's not official, the comments at https://github.com/the-tcpdump-group/libpcap/issues/527 make it seem as if this is resolved in recent libpcap versions, at least libpcap 1.9.0. We would need to rebuild the Linux Zeek artifact against that version (1.9.1 is latest).

philrz commented 4 years ago

Indeed, I see that our current Zeek release workflow relies on Ubuntu 18.04 and I learned by creating a scratch Ubuntu 18.04 VM in Google Cloud that the version of libpcap-dev that our release script would install via apt-get is v1.8.1.