PacketCapture appears to be running, but no vpcap files are being created

Article ID: 160051

Products

Data Loss Prevention Network Monitor

Issue/Introduction

PacketCapture appears to be running in the UI, but no vpcap files are being created in the /drop_pcap directory.
PacketCapture does not start with an Endace card because of a space in the driver path.

Resolution

The Endace implementation requires the Endace driver paths to be defined on the Advanced Settings page, in these settings:

PacketCapture.ENDACE_BIN_PATH

PacketCapture.ENDACE_LIB_PATH

PacketCapture.ENDACE_XILINX_PATH

PacketCapture does not handle spaces in these directory paths correctly.

By default, Endace drivers are installed in C:\Program Files\Endace

If you leave the space in "Program Files", the path may be split into two parts. In that case, you will see the following in the PacketCapture.log file:

dagrom: verbose: unprocessed argument: 'Files\Endace\dag-2.5.7.5\xilinx/dag43gepcix-terf.bit'

Here the C:\Program portion of the file name is being split from the rest of the line.

The end of the log will read:

 [.\PacketDriverDag.cpp:379]
05/21/08 16:48:44 [4776] INFO  PacketDriver %% - generalInitialize() _dagDescriptor: 0 [.\PacketDriverDag.cpp:453]
05/21/08 16:48:48 [4308] INFO  PacketCaptureMain %% - stopThread() Got stop request. [.\PacketCaptureMain.cpp:116]

A successful start will have the following log lines:

05/22/08 21:49:39 [2580] INFO  PacketDriver %% - generalInitialize() _dagDescriptor: 0 [.\PacketDriverDag.cpp:453]
05/22/08 21:49:39 [2580] INFO  PacketDriver %% - generalInitialize() Attached to stream: 0 [.\PacketDriverDag.cpp:464]
05/22/08 21:49:39 [2580] INFO  PacketDriver %% - generalInitialize() Dag adapter dag0 succesfully started. [.\PacketDriverDag.cpp:489]
05/22/08 21:49:39 [2580] INFO  PacketCapture %% - start() Capture thread started. [.\PacketCapture.cpp:293]

There are two ways to resolve this issue.

1. Reinstall the Endace drivers into a directory without a space in the name.
2. Change the Endace values to C:\Progra~1\Endace, thereby removing the space.

NOTE: You can use the DIR /X C:\ command to locate directories containing spaces and their truncated counterparts. For example, the Program Files directory is listed like this:

04/03/2008 01:08 PM <DIR> PROGRA~1 Program Files

That means that you can use PROGRA~1 instead of "Program Files" as a directory name.
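
As an added example (not part of the original article or of the product), the Python sketch below flags path settings that contain a space and classifies a PacketCapture.log excerpt using the messages quoted above. The function names and the sample setting values are assumptions made for illustration; the log lines are copied from this article.

```python
import re

# Signature quoted in the article: dagrom is handed only the tail of a path split at a space.
SPLIT_ARG = re.compile(r"dagrom: verbose: unprocessed argument: '([^']*)'")
# Messages the article lists for a successful start (the log's own spelling is kept).
START_MARKERS = ("Attached to stream:", "succesfully started", "Capture thread started")
STOP_MARKER = "stopThread() Got stop request"

def settings_with_spaces(settings):
    """Names of path settings whose value contains whitespace."""
    return sorted(k for k, v in settings.items() if re.search(r"\s", v))

def triage_log(lines):
    """Classify a PacketCapture.log excerpt: 'split-path', 'started' or 'unknown'."""
    fragments, seen, stopped = [], set(), False
    for line in lines:
        m = SPLIT_ARG.search(line)
        if m:
            fragments.append(m.group(1))  # the part of the path after the space
        seen.update(mk for mk in START_MARKERS if mk in line)
        stopped = stopped or STOP_MARKER in line
    if fragments:
        verdict = "split-path"
    elif len(seen) == len(START_MARKERS) and not stopped:
        verdict = "started"
    else:
        verdict = "unknown"
    return {"verdict": verdict, "fragments": fragments, "stopped": stopped}

# Log lines copied from the article's excerpts.
FAILED_LOG = [
    r"dagrom: verbose: unprocessed argument: 'Files\Endace\dag-2.5.7.5\xilinx/dag43gepcix-terf.bit'",
    r"05/21/08 16:48:44 [4776] INFO  PacketDriver %% - generalInitialize() _dagDescriptor: 0 [.\PacketDriverDag.cpp:453]",
    r"05/21/08 16:48:48 [4308] INFO  PacketCaptureMain %% - stopThread() Got stop request. [.\PacketCaptureMain.cpp:116]",
]
GOOD_LOG = [
    r"05/22/08 21:49:39 [2580] INFO  PacketDriver %% - generalInitialize() _dagDescriptor: 0 [.\PacketDriverDag.cpp:453]",
    r"05/22/08 21:49:39 [2580] INFO  PacketDriver %% - generalInitialize() Attached to stream: 0 [.\PacketDriverDag.cpp:464]",
    r"05/22/08 21:49:39 [2580] INFO  PacketDriver %% - generalInitialize() Dag adapter dag0 succesfully started. [.\PacketDriverDag.cpp:489]",
    r"05/22/08 21:49:39 [2580] INFO  PacketCapture %% - start() Capture thread started. [.\PacketCapture.cpp:293]",
]
# Constructed setting values: the default install directory and its short-name form.
NAMES = ("PacketCapture.ENDACE_BIN_PATH", "PacketCapture.ENDACE_LIB_PATH", "PacketCapture.ENDACE_XILINX_PATH")
BEFORE = {n: r"C:\Program Files\Endace" for n in NAMES}
AFTER = {n: r"C:\Progra~1\Endace" for n in NAMES}

if __name__ == "__main__":
    print(settings_with_spaces(BEFORE), triage_log(FAILED_LOG))
    print(settings_with_spaces(AFTER), triage_log(GOOD_LOG)["verdict"])
```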