Ask Your Question

Malformed Packets During Livestream

asked 2019-12-07 02:34:08 +0000

FPMI-IT gravatar image

updated 2019-12-11 03:21:06 +0000

Hello All,

We are a medium size ministry and we livestream our services using Livestream Studio Software. Recently we've experienced errors from Livestream Studio stating connection too slow for quality and at points the stream will actually drop completely. Doing some simple network diags I've determined there were no issues with our LAN being saturated (no data loss from hosts to GWY). I've also done speed tests and pinging the ISP routers with no significant data loss. We've also had the ISP out here to do line tests which have all passed. Upon running packet captures and using the == error filter I see alot of Malformed packets and TCP out of Order.

I'm not a Network Engineer, so im doing my best to explain this. On the capture i believe its displaying 14146 packets with that filter out of 3962277 packets captured. I see alot of Malformed HTTP packets from LAN HOST 1 to LAN HOST 2. Tonight I noticed alot of TCP Out-Of-Order packets from our Livestream Box to the livestream site. The TTL's are all 128 as well.

I've saved the capture. Please let me know anything else I can do to troubleshoot.

We've tested hardware removing switches and using Guest network Router with the same malformed packet results.

**Capture File Link

Thanks and Regards, Andrew FPMI IT Director

edit retag flag offensive close merge delete


If possible can you post the capture file on a public share?

Spooky gravatar imageSpooky ( 2019-12-07 02:37:30 +0000 )edit

I'm about to upload it to my dropbox. Anyway i could get your email so i can send you the link? Thanks so much for responding so fast!! - Andrew

FPMI-IT gravatar imageFPMI-IT ( 2019-12-10 23:27:16 +0000 )edit

It's better to edit your question with a link to Dropbox so more people can try to help you.

Spooky gravatar imageSpooky ( 2019-12-11 01:25:38 +0000 )edit

I've added the link now.

FPMI-IT gravatar imageFPMI-IT ( 2019-12-11 03:22:39 +0000 )edit

This is a huge file. I see about 50/50 split between UDP and TCP traffic by number of packets. Can you narrow down what traffic is of interest? What are the IP addresses of "LAN HOST 1" and "LAN HOST 2"?

Spooky gravatar imageSpooky ( 2019-12-11 03:58:35 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2019-12-19 03:05:04 +0000

Hi Andrew,

I opened the PCAP and took a look at TCP conversations and sorted by the number of packets.

You mentioned the ISP link being checked so I looked for a public IP with lots of traffic to or from

I saw that host is sending a lot of traffic to host (a public IP) so I focused on this stream.

Use this filter to see the stream eq 13

I don't see a lot of malformed HTTP: 90 overall and none for this stream.

"Expert Information" is a good place to look for issues but most items listed in red or yellow need to be investigated to make sure they are real issues.

Now I do see an odd behaviour on host where it sends _two copies_ of most (all?) segments.

This is why there are so many TCP Retransmission, TCP Dup ACK and TCP Out-of-Order

Take the first few packets:

Host sends a segment to host (frame 1855) and then the same segment (frame 1856) again after 0,01 ms. (That's 0.01 milliseconds!)

Host is even sending duplicate ACK to host See frame 1988 and then 1990 seen only 0.006 ms after.

Now this could be a real issue with the host or it could be an issue with your capture.

There is a possibility duplicate packets are caused by defective hardware.

Not sure how you took this capture but I would try to move the capture point "elsewhere" to see if the issue persists.

If it does then I would try to run the Livestream on another host.

Hope this helps.



edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2019-12-07 02:34:08 +0000

Seen: 1,041 times

Last updated: Dec 19 '19