Packetbeat: Packetbeat on Windows Server 2008, running but not logging

Hello {Elastic} World,
I am able to run Packetbeat successfully on one of staging server(windows server 2008),
but it is not sending data to ES of remote computers.

I've packetbeat logs for 3 days, and I am only seeing following three lines repeatatively,

2016-03-18T13:14:15+05:30 INFO GeoIP disabled: No paths were set under output.geoip.paths
2016-03-18T13:14:15+05:30 INFO Activated elasticsearch as output plugin.
2016-03-18T13:14:15+05:30 INFO Publisher name: WINBOM-DCSTART
2016-03-18T13:14:15+05:30 INFO Flush Interval set to: 1s
2016-03-18T13:14:15+05:30 INFO Max Bulk Size set to: 50
2016-03-18T13:14:15+05:30 INFO Init Beat: packetbeat; Version: 1.1.1
2016-03-18T13:14:15+05:30 INFO Resolved device index 0 to device: \Device\NPF_{6B62E55C-11F2-41F8-860C-BF7469444730}
2016-03-18T13:14:15+05:30 INFO packetbeat sucessfully setup. Start running.
2016-03-18T13:14:18+05:30 INFO packet decode failed with: Invalid (too small) IP length (0 < 20)
2016-03-18T13:14:18+05:30 INFO packet decode failed with: Invalid (too small) IP length (0 < 20)
2016-03-18T13:14:22+05:30 WARN Gap in tcp stream. last_seq: 3268359307, seq: 3268424215, gap: 64908
2016-03-18T20:48:56+05:30 INFO Connecting error publishing events (retrying): Head http://10.76.133.15:9200: dial tcp 10.76.133.15:9200: connectex: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
2016-03-18T20:48:56+05:30 INFO send fail
2016-03-18T20:48:56+05:30 INFO backoff retry: 1s
2016-03-18T20:49:15+05:30 INFO packet decode failed with: Invalid (too small) IP length (0 < 20)
2016-03-18T20:49:15+05:30 INFO packet decode failed with: Invalid (too small) IP length (0 < 20)
2016-03-21T13:07:24+05:30 WARN Response from unknown transaction. Ingoring.
2016-03-21T13:07:40+05:30 WARN Response from unknown transaction. Ingoring.

See log message. is ES running and reachable?

Yes @steffens and @andrewkroh

I tried to access ES from the required Windows server 2008, and it is running and reachable.

Any guess, what might be wrong?

Hi @andrewkroh , According to your suggestion we tried npcap on windows7 and our firewall is blocking the program and deleting the starting .exe files as well.

Maybe you can whitelist npcap with your AV program.

Yes @steffens and @andrewkroh

I tried to access ES from the required Windows server 2008, and it is running and reachable.

Any guess, what might be wrong?

have you got a firewall or http proxy in between? beats use 'HEAD' request to check if ES is available (kinda of a ping).

Try running the PowerShell command here to test the HEAD request: Winlogbeat transport problem on port 80 through reverse proxy to Elasticsearch