Open BugComHunter opened 2 weeks ago
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)
The next Elastic Agent release will bundle npcap 1.80. See https://github.com/elastic/beats/pull/41271.
This seems like a serious problem. Is 8.14.3 impacted?
I have only noticed this on agents installed with Network Packet Capture on servers with larger-volume network traffic, such as domain controllers, DNS and SNMP servers, and Exchange servers. Removing the integration solves the issue, but you lose the visibility. These have also all been Windows-based machines. Elasticsearch itself is not affected.
Integration Name
Network Packet Capture [network_traffic]
Dataset Name
No response
Integration Version
v1.32.1
Agent Version
8.15.3
Agent Output Type
elasticsearch
Elasticsearch Version
8.15.3
OS Version and Architecture
Windows server 2019
Software/API Version
No response
Error Message
No response
Event Original
No response
What did you do?
Checked the patch notes for the npcap version for known issues.
What did you see?
Memory would gradually climb until the server would hard lock and would need to be rebooted.
What did you expect to see?
No memory leak.
Anything else?
I noticed an issue with this integration several times; most of the time I uninstall it, however I find the data extremely helpful for monitoring internal data traffic. This seems to be a documented issue from Npcap and the OEM version that is installed with the integration, as it's 1.76 and 1.77 has a fix for it; see https://github.com/nmap/npcap/issues/688 and the changelog at https://npcap.com/changelog. I suspect the copy of npcap that is bundled with the integration needs to be updated.