Hi Murdoch07,
Please check your incident writer service and packet capture library. If both are working, then you need some other solution. You can check this first and let me know the status, and read the below.
You can use three different methods to capture the network traffic that is acquired
by a SPAN or tap:
■ NIC on a Windows platform. Windows platforms using a NIC for packet capture
require a WinPcap library on the Network Monitor Server host. If WinPcap is
not already on the Network Monitor Server host, you must install it. See the
Symantec Data Loss Prevention System Requirements and Compatibility Guide
for information about the supported version of the WinPcap library.
See “Installing WinPcap on a Windows platform” on page 806.
■ NIC on a Linux platform. Linux platforms using a NIC use native Linux packet
capture which requires PACKET_MMAP support in the kernel. Support for
PACKET_MMAP is included by default in supported Linux kernels.
■ Endace card on either Windows or Linux platforms. An Endace DAG network
measurement card can be used on both Windows and Linux platforms to
provide network packet capture in high-traffic environments. See the Symantec
Data Loss Prevention System Requirements and Compatibility Guide for
information about supported Endace cards and drivers.