Packet decode failed

Hi,
On starting the packetbeat binary I get the following error.

2017-09-07T11:12:15+08:00 INFO Non-zero metrics in the last 30s: dns.unmatched_requests=2801    dns.unmatched_responses=2216 http.unmatched_responses=508 icmp.duplicate_requests=65 icmp.unmatched_requests=499 icmp.unmatched_responses=420 libbeat.es.call_count.PublishEvents=228 libbeat.es.publish.read_bytes=114123 libbeat.es.publish.write_bytes=7891903 libbeat.es.published_and_acked_events=11125 libbeat.publisher.messages_in_worker_queues=2475 libbeat.publisher.published_events=11125 mysql.unmatched_requests=13 mysql.unmatched_responses=108 tcp.dropped_because_of_gaps=6624
2017-09-07T11:12:16+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:17+08:00 INFO packet decode failed with: Invalid TCP option length 132 exceeds remaining 6 bytes
2017-09-07T11:12:17+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:17+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:17+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:18+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:18+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:18+08:00 INFO packet decode failed with: Invalid TCP data offset 3 < 5
2017-09-07T11:12:18+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:19+08:00 INFO packet decode failed with: Invalid TCP option length 96 exceeds remaining 16 bytes
2017-09-07T11:12:19+08:00 INFO packet decode failed with: Invalid TCP data offset 0 < 5
2017-09-07T11:12:19+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:45+08:00 INFO Non-zero metrics in the last 30s: dns.unmatched_requests=978 dns.unmatched_responses=766 http.unmatched_responses=340 icmp.duplicate_requests=51 icmp.unmatched_requests=358 icmp.unmatched_responses=163 libbeat.es.call_count.PublishEvents=202 libbeat.es.publish.read_bytes=100851 libbeat.es.publish.write_bytes=6242222 libbeat.es.published_and_acked_events=9764 libbeat.publisher.messages_in_worker_queues=1182 libbeat.publisher.published_events=11413 mysql.unmatched_requests=4 mysql.unmatched_responses=24 tcp.dropped_because_of_gaps=1886
2017-09-07T11:13:15+08:00 INFO Non-zero metrics in the last 30s: libbeat.es.call_count.PublishEvents=230 libbeat.es.publish.read_bytes=115622 libbeat.es.publish.write_bytes=6651208 libbeat.es.published_and_acked_events=11351 libbeat.publisher.messages_in_worker_queues=22 libbeat.publisher.published_events=11275

versions :

packetbeat : packetbeat-5.5.2
elasticsearch: 5.5
Kibana: Version: 5.5.0

Anyone familiar with this issue. I have gone through the config file and found no errors.
I will be grateful if you can help me to figure out the root cause. Thank you.

Hmmm.... do you have TCP offloading enabled?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.