Flash Video does not play when going via a Proxy.


Article ID: 165749


Updated On:


ProxySG Software - SGOS



Flash Video is being used more and more in the internet  replacing the older stream like RTSP/MMS.  With this it has been noted that a lot of these sites that don't work when a client is going via a Proxy.

The reason for this is that some Flash Video servers have a configuration file that tells the Browser Applet how to communicate with the stream. By default this is port 1935 and a lot of these are coded with the IP Address of the OCS (Web site).

To prove this a simple Packet capture on the PC accessing the site will show if this is the case.

Wireshark filter : http.request or http.response or tcp.port == 1935

Client IP :
Blue Coat IP :
OCS Site : xx.xx.xx.xx

In this example we see the HTTP Request go via the proxy on port 8080

   1825 2010-02-25 15:36:09.298827        HTTP            GET http://www.testvideosite.com/demo/vidoefile.flv HTTP/1.1
   1829 2010-02-25 15:36:09.305138        HTTP            GET http://www.testvideosite.com/vidoefile.flv HTTP/1.1
   1837 2010-02-25 15:36:09.884679         HTTP/XML        HTTP/1.1 200 OK                                             
   1838 2010-02-25 15:36:09.896081         HTTP/XML        HTTP/1.1 200 OK                                              

In the response from the OCS are the Video details and we then see a direct request over port 1935   

   1839 2010-02-25 15:36:09.961682    xx.xx.xx.xx        TCP      2452 > 1935 [SYN] Seq=925511883 Win=65535 Len=0 MSS=1260       
   1844 2010-02-25 15:36:10.122386 xx.xx.xx.xx         TCP      1935 > 2452 [SYN, ACK] Seq=3480320864 Ack=925511884 Win=16384 Len=0 MSS=1460
   1845 2010-02-25 15:36:10.122443    xx.xx.xx.xx        TCP      2452 > 1935 [ACK] Seq=925511884 Ack=3480320865 Win=65535 Len=0 
   1846 2010-02-25 15:36:10.162967    xx.xx.xx.xx        TCP      2452 > 1935 [ACK] Seq=925511884 Ack=3480320865 Win=65535 Len=1260


In most cases there is a firewall between the Client PC and the Internet that would block this traffic. So 1st check the access logs on the Firewall for these Denied requests.

The solution here is to allow the IP address / Port through the firewall or contact the hosting company as ask for this to be altered


Additional troubleshooting.

If examining a local PC PCAP no connection is made over 1935, 80 or 443 directly to the Hosting Site then check to see if the hostname is resolvable from a DNS query.

If the hostname is not resolvable via DNS then the Flash Player will not attempt to make these connections making troubleshooting that bit harder.

To verify the above issue try adding a host entry (normally found in the http/xml file) into the PC Local host file for the hosting site and IP address. Then repeat the above testing and obtain a PCAP.