Malformed Packets During Livestream
Hello All,
We are a medium size ministry and we livestream our services using Livestream Studio Software. Recently we've experienced errors from Livestream Studio stating connection too slow for quality and at points the stream will actually drop completely. Doing some simple network diags I've determined there were no issues with our LAN being saturated (no data loss from hosts to GWY). I've also done speed tests and pinging the ISP routers with no significant data loss. We've also had the ISP out here to do line tests which have all passed. Upon running packet captures and using the _ws.expert.severity == error filter I see a lot of Malformed packets and TCP out of Order.
I'm not a Network Engineer, so I'm doing my best to explain this. On the capture I believe it's displaying 14146 packets with that filter out of 3962277 packets captured. I see a lot of Malformed HTTP packets from LAN HOST 1 to LAN HOST 2. Tonight I noticed a lot of TCP Out-Of-Order packets from our Livestream Box to the livestream site. The TTLs are all 128 as well.
I've saved the capture. Please let me know anything else I can do to troubleshoot.
We've tested hardware removing switches and using Guest network Router with the same malformed packet results.
Capture File Link: https://www.dropbox.com/s/ojjx5mis1j8...
Thanks and Regards, Andrew FPMI IT Director
If possible can you post the capture file on a public share?
I'm about to upload it to my Dropbox. Any way I could get your email so I can send you the link? Thanks so much for responding so fast!! - Andrew
It's better to edit your question with a link to Dropbox so more people can try to help you.
I've added the link now.
This is a huge file. I see about 50/50 split between UDP and TCP traffic by number of packets. Can you narrow down what traffic is of interest? What are the IP addresses of "LAN HOST 1" and "LAN HOST 2"?
We're not so much concerned with the LAN hosts. We're just trying to figure out why we get the alerts from Livestream Studio software stating our connection is too slow for quality and sometimes says lost connection. Our pipeline is more than big enough to handle our data at 200DL x 20UL. So to answer your question of what traffic is of interest, I would say anything destined for Livestream servers. Livestream uses RTMP and HTTP protocols for streaming. Hope this helps. Sorry for the big capture; it's a full service.
Do you believe our problem stems from all the malformed and bad TCP packets? Is this normal to have so many? I can tell you the .218 is our Livestream machine; you should see all the Livestream conversations to and from this IP.
I don't see any traffic for an IP ending in .218. Did you mean 192.168.0.213?
Sorry I meant to say .213. That's our Livestream box where I ran the capture from.
Thanks so much Spooky!!! This helps a lot, we will now look into why this is occurring.