Packet decode failed

stefansaye · September 6, 2017, 1:57pm

Hi,
On starting the packetbeat binary I get the following error.

2017-09-07T11:12:15+08:00 INFO Non-zero metrics in the last 30s: dns.unmatched_requests=2801    dns.unmatched_responses=2216 http.unmatched_responses=508 icmp.duplicate_requests=65 icmp.unmatched_requests=499 icmp.unmatched_responses=420 libbeat.es.call_count.PublishEvents=228 libbeat.es.publish.read_bytes=114123 libbeat.es.publish.write_bytes=7891903 libbeat.es.published_and_acked_events=11125 libbeat.publisher.messages_in_worker_queues=2475 libbeat.publisher.published_events=11125 mysql.unmatched_requests=13 mysql.unmatched_responses=108 tcp.dropped_because_of_gaps=6624
2017-09-07T11:12:16+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:17+08:00 INFO packet decode failed with: Invalid TCP option length 132 exceeds remaining 6 bytes
2017-09-07T11:12:17+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:17+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:17+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:18+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:18+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:18+08:00 INFO packet decode failed with: Invalid TCP data offset 3 < 5
2017-09-07T11:12:18+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:19+08:00 INFO packet decode failed with: Invalid TCP option length 96 exceeds remaining 16 bytes
2017-09-07T11:12:19+08:00 INFO packet decode failed with: Invalid TCP data offset 0 < 5
2017-09-07T11:12:19+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:45+08:00 INFO Non-zero metrics in the last 30s: dns.unmatched_requests=978 dns.unmatched_responses=766 http.unmatched_responses=340 icmp.duplicate_requests=51 icmp.unmatched_requests=358 icmp.unmatched_responses=163 libbeat.es.call_count.PublishEvents=202 libbeat.es.publish.read_bytes=100851 libbeat.es.publish.write_bytes=6242222 libbeat.es.published_and_acked_events=9764 libbeat.publisher.messages_in_worker_queues=1182 libbeat.publisher.published_events=11413 mysql.unmatched_requests=4 mysql.unmatched_responses=24 tcp.dropped_because_of_gaps=1886
2017-09-07T11:13:15+08:00 INFO Non-zero metrics in the last 30s: libbeat.es.call_count.PublishEvents=230 libbeat.es.publish.read_bytes=115622 libbeat.es.publish.write_bytes=6651208 libbeat.es.published_and_acked_events=11351 libbeat.publisher.messages_in_worker_queues=22 libbeat.publisher.published_events=11275

versions :

packetbeat : packetbeat-5.5.2
elasticsearch: 5.5
Kibana: Version: 5.5.0

Anyone familiar with this issue. I have gone through the config file and found no errors.
I will be grateful if you can help me to figure out the root cause. Thank you.

steffens · September 7, 2017, 11:00am

Hmmm.... do you have TCP offloading enabled?

system · October 5, 2017, 11:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.