Packet decode failed

stefansaye · September 6, 2017, 1:57pm

Hi,
On starting the packetbeat binary I get the following error.

2017-09-07T11:12:15+08:00 INFO Non-zero metrics in the last 30s: dns.unmatched_requests=2801    dns.unmatched_responses=2216 http.unmatched_responses=508 icmp.duplicate_requests=65 icmp.unmatched_requests=499 icmp.unmatched_responses=420 libbeat.es.call_count.PublishEvents=228 libbeat.es.publish.read_bytes=114123 libbeat.es.publish.write_bytes=7891903 libbeat.es.published_and_acked_events=11125 libbeat.publisher.messages_in_worker_queues=2475 libbeat.publisher.published_events=11125 mysql.unmatched_requests=13 mysql.unmatched_responses=108 tcp.dropped_because_of_gaps=6624
2017-09-07T11:12:16+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:17+08:00 INFO packet decode failed with: Invalid TCP option length 132 exceeds remaining 6 bytes
2017-09-07T11:12:17+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:17+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:17+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:18+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:18+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:18+08:00 INFO packet decode failed with: Invalid TCP data offset 3 < 5
2017-09-07T11:12:18+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:19+08:00 INFO packet decode failed with: Invalid TCP option length 96 exceeds remaining 16 bytes
2017-09-07T11:12:19+08:00 INFO packet decode failed with: Invalid TCP data offset 0 < 5
2017-09-07T11:12:19+08:00 INFO packet decode failed with: TCP data offset greater than packet length
2017-09-07T11:12:45+08:00 INFO Non-zero metrics in the last 30s: dns.unmatched_requests=978 dns.unmatched_responses=766 http.unmatched_responses=340 icmp.duplicate_requests=51 icmp.unmatched_requests=358 icmp.unmatched_responses=163 libbeat.es.call_count.PublishEvents=202 libbeat.es.publish.read_bytes=100851 libbeat.es.publish.write_bytes=6242222 libbeat.es.published_and_acked_events=9764 libbeat.publisher.messages_in_worker_queues=1182 libbeat.publisher.published_events=11413 mysql.unmatched_requests=4 mysql.unmatched_responses=24 tcp.dropped_because_of_gaps=1886
2017-09-07T11:13:15+08:00 INFO Non-zero metrics in the last 30s: libbeat.es.call_count.PublishEvents=230 libbeat.es.publish.read_bytes=115622 libbeat.es.publish.write_bytes=6651208 libbeat.es.published_and_acked_events=11351 libbeat.publisher.messages_in_worker_queues=22 libbeat.publisher.published_events=11275

versions :

packetbeat : packetbeat-5.5.2
elasticsearch: 5.5
Kibana: Version: 5.5.0

Anyone familiar with this issue. I have gone through the config file and found no errors.
I will be grateful if you can help me to figure out the root cause. Thank you.

steffens · September 7, 2017, 11:00am

Hmmm.... do you have TCP offloading enabled?

system · October 5, 2017, 11:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Packetbeat Error on running the compiled binary on different systems Beats packetbeat	4	863	May 9, 2017
Packet log error tcp data length than packet Beats packetbeat	1	664	January 9, 2018
Debug Unmatched responses Beats packetbeat	8	2848	March 16, 2018
Memcached error saturate the syslog Beats packetbeat	3	1305	July 2, 2016
[Packetbeat] packet loss for mysql queries Beats packetbeat	3	294	November 27, 2023

Packet decode failed

Related Topics