Error code "1008:: Packet Capture is down" and Network Monitor status "Unknown" in DLP

Article ID: 160019

Products

Data Loss Prevention Enforce, Data Loss Prevention

Issue/Introduction

Network Monitor status unknown in Symantec Data Loss Prevention (DLP).

Error code 1008:: Packet Capture is down

Resolution

Solution:

  1. Verify that the correct version of WinPcap is installed and is running on the Network Monitor server. Check the DLP Installation Guide for the correct version of WinPcap.
  2. Verify connectivity between the Enforce and Network Monitor server using ping.  
  3. Run netstat -aon | findstr "8100" on the Enforce server and on the Network Monitor server to check the connection in each direction. 8100 is the communication port between Enforce and the Detection Server, and it is the port that MonitorController uses to communicate.
     Note: for RHEL, use netstat -aon | grep 8100
  4. Check the MonitorController logs (on Enforce) and the PacketCapture logs (on the Network Monitor) for further reference.
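
Added example, not part of the original article: the findstr/grep in step 3 matches any line containing the string 8100, including port 18100 or a process ID of 8100. The shell functions below read netstat -aon output (Windows or RHEL layout) and count only TCP sockets whose port is exactly 8100; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# Print "STATE LOCAL REMOTE" for TCP sockets whose local or remote port is
# exactly the given port (default 8100). Reads netstat -aon output on stdin.
port_sockets() {
    awk -v port="${1:-8100}" '
    function portof(ep,   n, parts) {
        n = split(ep, parts, ":")   # last ":"-separated piece is the port, also for IPv6
        return parts[n]
    }
    toupper($1) ~ /^TCP/ {
        # Windows columns: proto local foreign state pid
        # RHEL columns:    proto recv-q send-q local foreign state timer
        l = (NF >= 6 && $2 ~ /^[0-9]+$/) ? 4 : 2
        loc = $l; rem = $(l + 1); state = $(l + 2)
        if (portof(loc) == port || portof(rem) == port)
            printf "%s %s %s\n", state, loc, rem
    }'
}

# Summarise the matching sockets: listeners and established sessions.
port_summary() {
    port_sockets "$1" | awk '
        $1 ~ /^LISTEN/      { listen++ }   # LISTENING on Windows, LISTEN on RHEL
        $1 == "ESTABLISHED" { est++ }
        END { printf "listening=%d established=%d\n", listen, est }'
}

# Constructed sample lines (not captured from a real server). The third line
# holds "8100" only inside port 18100 and in the PID column; the last line
# holds it only inside port 48100. A plain findstr/grep would match both.
SAMPLE='  TCP    0.0.0.0:8100     0.0.0.0:0         LISTENING     4321
  TCP    10.0.0.5:8100    10.0.0.9:49822    ESTABLISHED   4321
  TCP    10.0.0.5:18100   10.0.0.9:50010    ESTABLISHED   8100
tcp        0      0 10.0.0.9:49822   10.0.0.5:8100    ESTABLISHED off (0.00/0/0)
tcp6       0      0 :::48100         :::*             LISTEN      off (0.00/0/0)'

printf '%s\n' "$SAMPLE" | port_summary 8100
```

On a live server, pipe the real output in instead of the sample: netstat -aon | port_summary 8100.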