No SMTP traffic seen on newly installed monitor

Article ID: 160376

Updated On:

Products

Data Loss Prevention Network Monitor

Issue/Introduction

A sniffer utility (such as Dagsnap, Wireshark, etc.) is capturing traffic but no traffic is being reported through the Monitor UI.

Resolution

  1. Check the IP Filters. The filtering could be set up in such a way that no messages are generated and thus no traffic is captured. Be aware that IP traffic is evaluated in order against the filter entries until an entry matches the IP parameters, so the position of an entry in the filter matters.

To check the IP Filters from the Enforce UI:

Global: Administration > Settings > Protocols

Server: Administration > Overview > <detection server>. Click the Configure tab and select the protocol in question.

You can validate whether the IP filters are causing the issue by removing them and then checking whether traffic is reported through the monitor.

For example, a filter of +,10.67.0.0/16,*;-,*,* matches all IP traffic going to network 10.67.x.x but does not match any other traffic.

For more details on setting up IP Filters, please see KB TECH221378:  How to set up IP filters for Vontu Network Monitor

  2. If you have an Endace card, check that it is working properly.

For more information see TECH218779: Endace Card is Not Recognized

  3. Check any SPAN or TAP ports that may be in use to be sure they are configured and working correctly.
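
To reason about the IP filter check in the first step before changing anything in Enforce, the first-match evaluation can be modeled offline. The following is an added example, not Symantec code: it assumes each entry is `sign,destination,source` (inferred from the article's example), handles only `*` and CIDR values, and returns no decision when nothing matches because the article does not state the product's default.

```python
import ipaddress

def _network(field):
    # '*' is a wildcard; anything else is read as a CIDR subnet or single IP
    return None if field == "*" else ipaddress.ip_network(field, strict=False)

def _matches(net, addr):
    return net is None or ipaddress.ip_address(addr) in net

def parse_ip_filter(spec):
    """Parse 'sign,destination,source;...' into an ordered list of rules."""
    rules = []
    for entry in spec.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        parts = [p.strip() for p in entry.split(",")]
        if len(parts) != 3 or parts[0] not in ("+", "-"):
            raise ValueError(f"malformed filter entry: {entry!r}")
        sign, dst, src = parts
        rules.append((sign == "+", _network(dst), _network(src)))
    return rules

def evaluate(rules, src_ip, dst_ip):
    """Return (entry index, included?) for the first matching entry.

    Evaluation stops at the first match, so later entries are never reached.
    Returns (None, None) if no entry matches.
    """
    for i, (include, dst_net, src_net) in enumerate(rules):
        if _matches(dst_net, dst_ip) and _matches(src_net, src_ip):
            return i, include
    return None, None

if __name__ == "__main__":
    # Constructed sample flows as (source, destination)
    flows = [("192.0.2.10", "10.67.4.25"), ("10.67.4.25", "198.51.100.7")]
    # The article's filter, then the same entries in reverse order
    for spec in ("+,10.67.0.0/16,*;-,*,*", "-,*,*;+,10.67.0.0/16,*"):
        rules = parse_ip_filter(spec)
        for src, dst in flows:
            idx, include = evaluate(rules, src, dst)
            print(f"{spec!r}: {src} -> {dst} matched entry {idx}, included={include}")
```

With the entries reversed, the leading `-,*,*` matches every flow first and the monitor would report nothing, which is the symptom this article describes.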