Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 6.1
Description
Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 6.1.1.3-11n firmware)
Resolution
When viewing output on the System > Packet Monitor page, there are two fields that display potentially useful diagnostic information in numeric format. The Modue-ID field provides information on the specific area of the firewall (UTM) appliance's firmware that handled a particular packet. The Drop Code field provides a reason why the appliance dropped a particular packet. This article provides a list of the Module-ID and Drop-Code numbers along with their meanings
Please Note: The following Drop-Codes were extracted from SonicOS Enhanced 6.1.1.3 11n firmware version, however these codes may change when a new firmware isavailable. When unsure please contact SonicWall support.Module ID and Module Name:
| 0 1 adminTools 2 attacks 3 av 4 bwmmgmt 5 CIA 6 cli 7 clients 8 config 9 connectionCache 10 contentFilter 11 dea 12 debug 13 dhcpRelay 14 dhtml 15 fileSystem 16 fwCore 17 ha 18 idp 19 ipHelper 20 ipSec | 21 lib 22 log 23 modem 24 netObj 25 network 26 packetFilter 27 policy 28 pppStack 29 RADIUS acct 30 redirector 31 reports 32 resource 33 sarc 34 servers 35 snmp 36 spdpp 37 stateful 38 system 39 TRAV2 40 TSA | 41 USERS 42 version 43 wizards 44 wlan 45 wlb 46 zones 47 ARP 48 system stack 49 PPTP 50 L2TP 51 PPP-Dialup 52 IGMP 53 PPPOE 54 NAT 55 anti-spam 56 NetMonitor 57 Mirroring 58 SIP 59 BandOpt 60 |
| DROP CODES | |
| Drop Code ID and name | Drop Code ID and name |
| 0 1 Unknown Ether type. 2 IPv6 packets not supported. 3 Packet on invalid vlan 4 Packet on invalid interface 5 Invalid HA packet 6 Invalid HA ARP packet 7 PPPoE discover packet not allowed 8 Invalid HA SDP packet 9 Routing packet not allowed 10 VLAN filtered. 11 Unicast MACADDR not mine 12 L2B Learning-Bridge filtered 13 Invalid NET-ID found. 14 Invalid Run-time NET data. 15 Unknown ARP type. 16 Arp reply ignored. 17 IP address not for our subnet 18 NULL source IP address 19 Own gratuitous arp 20 IP address not on our lan subnet 21 Classical mode, ARP bridge not supported 22 ARP proxy, subnet mismatch 23 Not for me. 24 Invalid TCP Flag 25 Invalid TCP Options 26 IP sanity test failed 27 Non sonicpoint traffic in wlan zone 28 Multicast spank attack 29 Multicast Data packet dropped 30 Load Balancing Probe error 31 Syn Flood Protection 32 IP source route option found 33 Invalid connection cache. 34 Unknown destination 35 Bounce traffic detected 36 Access Rule Policy not found 37 AV detection 38 DEA detection 39 Bad TFTP packets 40 Enforced firewall rule 41 LICENSE drop 42 IDP detection 43 Packet to public IP from inside firewall 44 Bad TTL 45 IP check failed 46 Bad source IP 47 Bad destination MAC address 48 Broadcast not allowed on bridge. 49 Going to blacklisted server. 50 coming from blacklisted server. 51 Broadcast traffic not handled. 52 Multicast forwarding not configured 53 Multicast IGMP state not found 54 Multicast IP not in the allowed list 55 Anti-Spam Connection Limit Reached 56 Active/Active DPI drop offload packet 57 UDP Flood Protection 58 ICMP Flood Protection 59 Unknown Ether type 60 Incorrect IP Version 61 Blacklisted MAC address 62 Wrong IP Length 63 Packet length mismatch with interface MTU 64 Wrong fragmentation boundary. 65 Wrong IP checksum value. 66 Wrong TCP Checksum value. 67 Wrong UDP Checksum value. 68 Wrong ICMP Checksum value. 69 NULL Udp port number 70 Non PPP-GRE traffic 71 Missing ESP Header 72 Missing AH Header 73 Missing IPCOMP Header 74 Unknown IP protocol type 75 TTL value is zero. 76 l2 mcast but dest ip is unicast 77 Null Source Zone. 78 Wrong UDP Length. 79 RECV: IP pkt recvd without IPCP session 80 RECV: TNMP can't alloc contiguous buf 81 XMIT: AHDLC encap no buf 82 XMIT: TNMP can't alloc contiguous buf 83 XMIT: Device not ready to forward traffic 84 XMIT: No IPCP session 85 XMIT: No Dialup Msg Buffer available 86 Non Zero GIAddr field in DHCP packet from client 87 Source MAC is different from chAddr field in DHCP client packet 88 Iphelper policy not found for DHCP relay. 89 Iphelper cache not found for DHCP. 90 Zero NSID in Netbios request packet. 91 Iphelper policy not found for Netbios. 92 Iphelper cache not found for Netbios. 93 Zero NSID in Netbios reply packet. 94 Ingress interface is same as egress interface. 95 DHCP server packet dropped, RPF check failed. 96 Netbios packet dropped, RPF check failed. 97 Other Application packet dropped, RPF check failed. 98 Iphelper policy not found for other Application. 99 Memory Allocation Error. 100 Length Mismatch. Cant forward pkt. 101 Control message header size error. 102 Drop GRE packet as call not yet established. 103 Invalid GRE Flags or Caller ID. 104 Invalid GRE sequence number. 105 No payload for GRE packet. 106 PPTP Tunnel is not up yet. 107 PPTP Client is not enabled. 108 PPTP Spin Lock Error. 109 PPTP Flow Control Queuing Error. 110 Error copying PPTP combuf chain to continuous buffer. 111 Error fragmenting packet that is larger than PPTP MTU. 112 Enforced Dial-on-Data restriction. 113 PPPDU has not completed initialization. 114 Error fragmenting packet that is larger than PPPDU MTU. 115 PPPDU dropped packet because packet that is larger then PPPDU MTU and fragmentation is disabled. 116 Packet received with DF bit Set and large than MTU 117 PPP link is not up/available. 118 The PPP buffer processing failed. 119 Received PPP pkt but there is no existing PPP information. 120 PPP Network Interface structure is NULL. 121 PPP Virtual Interface structure is NULL. 122 PPP dropped packet because it contains unknown protocol. 123 PPP dropped packet because of transmission failure. 124 PPP dropped packet because NCP is not open. 125 PPP dropped packet because the LCP code is unacceptable. 126 PPPOE packet has no payload. 127 The PPPOE buffer processing failed. 128 The PPPOE module is not yet ready. 129 The PPPOE module is not enabled. 130 The PPPOE module is not re/started with NTP packets. 131 The PPPOE module dropped the packet because it was non-IP. 132 PPPoE packet has unsupported version. 133 Received PPPoE packet for non-existent PPP session 134 PPPoE packet has an illegal session id. 135 PPPoE packet has unknown ethertype. 136 PPPoE packet is missing the service name tag. 137 PPPoE packet was not transmitted. 138 PPPoE packet dropped due to failure in adding enet header. 139 L2TP Length Mismatch 140 L2TP UDP checksum error 141 L2TP buffer corrupted 142 L2TP invalid tunnel 143 L2TP invalid session 144 L2TP Invalid source interface 145 L2TP packet not encrypted 146 L2TP Drop PPP control packet, session not established yet 147 L2TP Tunnel/Seesion Invalid 148 L2TP invalid pkt type 149 L2TP invalid control msg 150 L2TP unsupported version | 151 L2TP not enabled on this interface 152 L2TP invalid packet 153 L2TP invalid runtime data 154 L2TP connection not UP 155 L2TP memory allocation failed 156 No IPSec tunnel active for this connection , 157 Invalid L2TP Mode , 158 Pkt pass to stack failed 159 UDP length greater than 1500 160 IP length greater than 1500 161 Pkt authentication failed 162 SA not found on lookup by SPI after decryption 163 SA not found on lookup by SPI after encryption 164 Failed to copy frag chain to contiguous buffer 165 Pkt with SPI less than 256 166 SA not found on lookup by SPI for inbound packet 167 Pkt length smaller than expected 168 Replayed Pkt 169 Pkt received on invalid interface 170 Expecting udp encapsulation 171 Not expecting udp encapsulation 172 Throughput regulator drop inbound pkt 173 HW processing request error for inbound pkt 174 AH auth failed 175 ESP auth failed 176 ESP decrypt failed 177 Unknown protocol 178 Nested tunnels not supported 179 Pkt is not thru tunnell 180 Pkt is not thru tunnel or l2tp transport mode 181 Pkt not destined to mgmt interface 182 Pkt from invalid peer 183 VPN access list check failure 184 Pkt does not match traffic selectors 185 Pkt fragment not allowed 186 DHCP pkt invalid IP length 187 Octeon Decrypyion Failed for inbound packet 188 Incoming packet's combuf Ip Length Error 189 Combuf Ip Ptr Null Error 190 Multicast sa not found 191 SA not found on lookup by SPI for outbound pkt 192 Incorrect src IP on mgmt SA 193 Throughput regulator drop outbound pkt 194 Insufficient command context for outbound pkt 195 HW processing request error for outbound pkt 196 Software esp decrypt processing request error 197 Software esp auth processing request error 198 Software ah auth processing request error 199 Software null sa processing request error 200 Software processing request error 201 Combuf Fragmentation error 202 Packet is large than MTU 203 Packet received with DF bit Set and large than MTU 204 Sequence overflow while encryting packet 205 Encption error for out going packet 206 Combuf Ip Ptr NUll Error 207 Combuf Ip Length Error 208 Next Hope ARP not Resolved 209 Multicast buffer error 210 No IGMP entry found 211 No IGMP interface entry found 212 Combuf fields mismatch iplen-enet not equal to etherhdr size 213 IGMP wrong Checksum 214 Multicast not enabled 215 IGMP state table error 216 IGMP message error 217 IGMPV3 message error 218 IGMP version not supported 219 Multicast RTP stateful failed 220 IP Spoof check failed 221 OutGoing interface not available 222 Cache pointer is NULL. NAT policy lookup cannot be performed 223 NAT policy remap failed 224 NAT policy unique remap port failed 225 NAT policy lookup failed. Cache add aborted 226 Connection cache is full 227 Get VPN tunnel interface from policy failed 228 Packet from bounced path 229 Half open ESP connection 230 Half open IPCOMP connection 231 Allocate memory for connection cache failed 232 Packet marked to be dropped on ingress 233 Packet marked to be dropped on egress 234 Packet dropped by BWM CBQ as there is no default queue 235 Packet dropped by BWM CBQ as the queue is full 236 Packet dropped by BWM ACKQ as the queue is full 237 Packet dropped by BWM ACKQ as there is no default queue 238 Packet dropped due to BWM spin lock error 239 MAC-IP Anti-spoof check enforced for hosts. 240 MAC-IP Anti-spoof cache not found for this router. 241 MAC-IP Anti-spoof cache found, but it is not a router. 242 MAC-IP Anti-spoof cache found, but it is blacklisted device. 243 Packet dropped - IDP failure on sslspy packet 244 Packet droppedd - Content filter failure on sslspy packet 245 Packet dropped - failed processing 246 Packet dropped - failed SIP pre-processing 247 Packet dropped - failed SIP post-processing 248 Packet dropped - unknown SIP method 249 Packet dropped - unknown Call-ID in method 250 Packet dropped - invalid Contact: 251 Packet dropped - invalid Call-ID: 252 Packet dropped - invalid Via: 253 Packet dropped - invalid From: 254 Packet dropped - invalid To: 255 Packet dropped - invalid RecordRoute: 256 Packet dropped - invalid Maddr: 257 Packet dropped - invalid Route: 258 Packet dropped - invalid ACK 259 Packet dropped - invalid method 260 Packet dropped - invalid ReferredBy: 261 Packet dropped - invalid ReferredTo: 262 Packet dropped - invalid BYE 263 Packet dropped - invalid CANCEL 264 Packet dropped - invalid INVITE 265 Packet dropped - invalid REGISTER 266 Packet dropped - SDP body not found 267 Packet dropped - bad SDP content length 268 Packet dropped - bad SDP c= 269 Packet dropped - bad SDP m= 270 Packet dropped - failed SDP processing 271 Packet dropped - Geo-IP block for init country 272 Packet dropped - Geo-IP block for resp country 273 Packet dropped - BOTNET block for init command and control center 274 Packet dropped - BOTNET block for resp command and control center 275 - |
Related Articles
not finding your answers?