Error 3302 - PacketCapture could not elevate its privilege level
search cancel

Error 3302 - PacketCapture could not elevate its privilege level


Article ID: 160662


Updated On:


Data Loss Prevention Network Monitor Data Loss Prevention


After installing or upgrading a Linux Network Monitor, all services are running but you see the following errors in Enforce console and no incidents are created:

Code 3309
Summary PacketCapture could not elevate its privilege level
Detail Packet Capture was unable to load MMAP . No native capture interface is available. Please see PacketCapture.log for more information.
Code 3302
Summary MMAP is not available
Detail PacketCapture could not elevate its privileges. Some initialization tasks are likely to fail. Please check ownership and permissions of the PacketCapture executable.
Code 3301
Summary Capture failed to start on device ethX
Detail Device ethX is configured for capture, but could not be initialized. Please see PacketCapture.log for more information.


On a fresh install, this failure condition can happen if SELinux is enabled or if DLP is installed on a partition mounted with the option "nosuid".

On an upgraded system, ensure the version-specific upgrade root script was run from the correct location per the DLP Upgrade Guide for Linux.

If the upgrade was done as the root user and not protect, change the owner and permissions of the file "/opt/Vontu/Protect/bin/PacketCapture" with the following 2 commands and restart the services:


chown root:protect PacketCapture

chmod 6755 PacketCapture

In DLP 16.0+ You must also chown PacketCaptureLauncher and PacketCaptureLoaderArguments.conf

After applying 16.0.0101, 16.0.0200, and 16.0.0201 you may need to apply these permissions. 

    chown root:protect PacketCaptureLauncher

    chown root:protect PacketCaptureLoaderArguments.conf

In the Protect/bin directory, all executables should be set to 750 , except for PacketCaptureLauncher which should be 4750.
The defaults will be corrected in a future release. 

NOTE:  It is recommended to reinstall any Linux detection server that has been upgraded improperly as the root user to ensure successful upgrades in the future.