Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS 5.8.1.15.71o)

Description

When viewing output on the Investigate | Packet Monitor page, there are two fields that display potentially useful diagnostic information in numeric format under Packet detail:

  • The Module-ID field provides information on the specific area of the firewall appliance's firmware that handled a particular packet.
  • The Drop-Code field provides a reason why the appliance dropped a particular packet.

This article provides a list of the Module-ID and Drop-Code numbers along with their meanings.

The following Drop-Codes were extracted from SonicOS Enhanced firmware version 5.8.1.15.71o; these codes may change when new firmware is available.

Resolution

When viewing output on the System > Packet Capture page, there are two fields that display potentially useful diagnostic information in numeric format. The Module-ID field provides information on the specific area of the firewall (UTM) appliance's firmware that handled a particular packet. The Drop-Code field provides a reason why the appliance dropped a particular packet. This article provides a list of the Module-ID and Drop-Code numbers along with their meanings.

Please Note: The following Drop-Codes were extracted from SonicOS Enhanced firmware version 5.8.1.15-71o; however, these codes may change when new firmware is available. When unsure, please contact SonicWall support.

Module ID and Module Name:

0
1 adminTools
2 attacks
3 av
4 bwmmgmt
5 CIA
6 cli
7 cli2
8 clients
9 config
10 connectionCache
11 contentFilter
12 dea
13 debug
14 dhcpRelay
15 dhtml
16 fileSystem
17 fwCore
18 ha
19 idp
20 ipHelper
21 ipSec
22 lib
23 log
24 modem
25 netObj
26 network
27 packetFilter
28 policy
29 pppStack
30 redirector
31 reports
32 resource
33 sarc
34 servers
35 snmp
36 spdpp
37 stateful
38 system
39 TRAV2
40 TSA
41 USERS
42 version
43 wizards
44 wlan
45 wlb
46 zones
47 ARP
48 system stack
49 PPTP
50 L2TP
51 PPP-Dialup
52 IGMP
53 PPPOE
54 NAT
55 anti-spam
56 NetMonitor
57 Mirroring
58 SIP
59 BandOpt
60

Drop-Code:

Error code and Name

0
1 Unknown Ether type.
2 IPv6 packets not supported.
3 Packet on invalid vlan
4 Packet on invalid interface
5 Invalid HA packet
6 Invalid HA ARP packet
7 PPPoE discover packet not allowed
8 Invalid HA SDP packet
9 Routing packet not allowed
10 VLAN filtered.
11 L2B Learning-Bridge filtered
12 Invalid NET-ID found.
13 Invalid Run-time NET data.
14 Unknown ARP type.
15 Arp reply ignored.
16 IP address not for our subnet
17 NULL source IP address
18 Own gratuitous arp
19 IP address not on our lan subnet
20 Classical mode, ARP bridge not supported
21 ARP proxy, subnet mismatch
22 Not for me.
23 Invalid TCP Flag
24 Invalid TCP Options
25 IP sanity test failed
26 Non sonicpoint traffic in wlan zone
27 Multicast spank attack
28 Multicast Data packet dropped
29 Load Balancing Probe error
30 Syn Flood Protection
31 IP source route option found
32 Invalid connection cache.
33 Unknown destination
34 Bounce traffic detected
35 Access Rule Policy not found
36 AV detection
37 DEA detection
38 Bad TFTP packets
39 Enforced firewall rule
40 LICENSE drop
41 IDP detection
42 Packet to public IP from inside firewall
43 Bad TTL
44 IP check failed
45 Bad source IP
46 Bad destination MAC address
47 Broadcast not allowed on bridge.
48 Going to blacklisted server.
49 coming from blacklisted server.
50 Broadcast traffic not handled.
51 Multicast forwarding not configured
52 Multicast IGMP state not found
53 Multicast IP not in the allowed list
54 Anti-Spam Connection Limit Reached
55 Active/Active UTM drop offload packet
56 Unknown Ether type
57 Incorrect IP Version
58 Blacklisted MAC address
59 Wrong IP Length
60 Packet length mismatch with interface MTU
61 Wrong fragmentation boundary.
62 Wrong IP checksum value.
63 Wrong TCP Checksum value.
64 Wrong UDP Checksum value.
65 Wrong ICMP Checksum value.
66 NULL Udp port number
67 Non PPP-GRE traffic
68 Missing ESP Header
69 Missing AH Header
70 Missing IPCOMP Header
71 Unknown IP protocol type
72 TTL value is zero.
73 l2 mcast but dest ip is unicast
74 Null Source Zone.
75 Wrong UDP Length.
76 RECV: IP pkt recvd without IPCP session
77 RECV: TNMP can't alloc contiguous buf
78 XMIT: AHDLC encap no buf
79 XMIT: TNMP can't alloc contiguous buf
80 XMIT: Device not ready to forward traffic
81 XMIT: No IPCP session
82 XMIT: No Dialup Msg Buffer available
83 Non Zero GIAddr field in DHCP packet from client
84 Source MAC is different from chAddr field in DHCP client packet
85 Iphelper policy not found for DHCP relay.
86 Iphelper cache not found for DHCP.
87 Zero NSID in Netbios request packet.
88 Iphelper policy not found for Netbios.
89 Iphelper cache not found for Netbios.
90 Zero NSID in Netbios reply packet.
91 Ingress interface is same as egress interface.
92 DHCP server packet dropped, RPF check failed.
93 Netbios packet dropped, RPF check failed.
94 Other Application packet dropped, RPF check failed.
95 Iphelper policy not found for other Application.
96 Memory Allocation Error.
97 Length Mismatch. Cant forward pkt!!!.
98 Control message header size error.
99 Drop GRE packet as call not yet established.
100 Invalid GRE Flags or Caller ID.
101 Invalid GRE sequence number.
102 No payload for GRE packet.
103 PPTP Tunnel is not up yet.
104 PPTP Client is not enabled.
105 PPTP Spin Lock Error.
106 PPTP Flow Control Queuing Error.
107 Error copying PPTP combuf chain to continuous buffer.
108 Error fragmenting packet that is larger than PPTP MTU.
109 Enforced Dial-on-Data restriction.
110 PPPDU has not completed initialization.
111 Error fragmenting packet that is larger than PPPDU MTU.
112 PPPDU dropped packet because packet that is larger then PPPDU MTU and fragmentation is disabled.
113 Packet received with DF bit Set and large than MTU
114 PPP link is not up/available.
115 The PPP buffer processing failed.
116 Received PPP pkt but there is no existing PPP information.
117 PPP Network Interface structure is NULL.
118 PPP Virtual Interface structure is NULL.
119 PPP dropped packet because it contains unknown protocol.
120 PPP dropped packet because of transmission failure.
121 PPP dropped packet because NCP is not open.
122 PPP dropped packet because the LCP code is unacceptable.
123 PPPOE packet has no payload.
124 The PPPOE buffer processing failed.
125 The PPPOE module is not yet ready.
126 The PPPOE module is not enabled.
127 The PPPOE module is not re/started with NTP packets.
128 The PPPOE module dropped the packet because it was non-IP.
129 PPPoE packet has unsupported version.
130 Received PPPoE packet for non-existent PPP session
131 PPPoE packet has an illegal session id.
132 PPPoE packet has unknown ethertype.
133 PPPoE packet is missing the service name tag.
134 PPPoE packet was not transmitted.
135 PPPoE packet dropped due to failure in adding enet header.
136 L2TP Length Mismatch
137 L2TP UDP checksum error
138 L2TP buffer corrupted
139 L2TP invalid tunnel
140 L2TP invalid session
141 L2TP Invalid source interface
142 L2TP packet not encrypted
143 L2TP Drop PPP control packet, session not established yet
144 L2TP Tunnel/Seesion Invalid
145 L2TP invalid pkt type
146 L2TP invalid control msg
147 L2TP unsupported version
148 L2TP not enabled on this interface
149 L2TP invalid packet
150 L2TP invalid runtime data
151 L2TP connection not UP
152 L2TP memory allocation failed
153 No IPSec tunnel active for this connection ,
154 Invalid L2TP Mode ,
155 Pkt pass to stack failed
156 UDP length greater than 1500
157 IP length greater than 1500
158 Pkt authentication failed
159 SA not found on lookup by SPI after decryption
160 SA not found on lookup by SPI after encryption
161 Failed to copy frag chain to contiguous buffer
162 Pkt with SPI less than 256
163 SA not found on lookup by SPI for inbound packet
164 Pkt length smaller than expected
165 Replayed Pkt
166 Pkt received on invalid interface
167 Expecting udp encapsulation
168 Not expecting udp encapsulation
169 Throughput regulator drop inbound pkt
170 HW processing request error for inbound pkt
171 AH auth failed
172 ESP auth failed
173 ESP decrypt failed
174 Unknown protocol
175 Nested tunnels not supported
176 Pkt is not thru tunnell
177 Pkt is not thru tunnel or l2tp transport mode
178 Pkt not destined to mgmt interface
179 Pkt from invalid peer
180 VPN access list check failure
181 Pkt does not match traffic selectors
182 Pkt fragment not allowed
183 DHCP pkt invalid IP length
184 Octeon Decrypyion Failed for inbound packet
185 Incoming packet's combuf Ip Length Error
186 Combuf Ip Ptr Null Error
187 Multicast sa not found
188 SA not found on lookup by SPI for outbound pkt
189 Incorrect src IP on mgmt SA
190 Throughput regulator drop outbound pkt
191 Insufficient command context for outbound pkt
192 HW processing request error for outbound pkt
193 Software esp decrypt processing request error
194 Software esp auth processing request error
195 Software ah auth processing request error
196 Software null sa processing request error
197 Software processing request error
198 Combuf Fragmentation error
199 Packet is large than MTU
200 Packet received with DF bit Set and large than MTU
201 Sequence overflow while encryting packet
202 Encption error for out going packet
203 Combuf Ip Ptr NUll Error
204 Combuf Ip Length Error
205 Next Hop ARP not Resolved
206 Multicast buffer error
207 No IGMP entry found
208 No IGMP interface entry found
209 Combuf fields mismatch iplen-enet not equal to etherhdr size
210 IGMP wrong Checksum
211 Multicast not enabled
212 IGMP state table error
213 IGMP message error
214 IGMPV3 message error
215 IGMP version not supported
216 Multicast RTP stateful failed
217 IP Spoof check failed
218 OutGoing interface not available
219 Cache pointer is NULL. NAT policy lookup cannot be performed
220 NAT policy remap failed
221 NAT policy unique remap port failed
222 NAT policy lookup failed. Cache add aborted
223 Connection cache is full
224 Get VPN tunnel interface from policy failed
225 Packet from bounced path
226 Half open ESP connection
227 Half open IPCOMP connection
228 Allocate memory for connection cache failed
229 Packet marked to be dropped on ingress
230 Packet marked to be dropped on egress
231 Packet dropped by BWM CBQ as there is no default queue
232 Packet dropped by BWM CBQ as the queue is full
233 Packet dropped by BWM ACKQ as the queue is full
234 Packet dropped by BWM ACKQ as there is no default queue
235 Packet dropped due to BWM spin lock error
236 MAC-IP Anti-spoof check enforced for hosts.
237 MAC-IP Anti-spoof cache not found for this router.
238 MAC-IP Anti-spoof cache found, but it is not a router.
239 MAC-IP Anti-spoof cache found, but it is blacklisted device.
240 Packet dropped - IDP failure on sslspy packet
241 Packet droppedd - Content filter failure on sslspy packet
242 Packet dropped - failed processing
243 Packet dropped - failed SIP pre-processing
244 Packet dropped - failed SIP post-processing
245 Packet dropped - unknown SIP method
246 Packet dropped - unknown Call-ID in method
247 Packet dropped - invalid Contact:
248 Packet dropped - invalid Call-ID:
249 Packet dropped - invalid Via:
250 Packet dropped - invalid From:
251 Packet dropped - invalid To:
252 Packet dropped - invalid RecordRoute:
253 Packet dropped - invalid Maddr:
254 Packet dropped - invalid Route:
255 Packet dropped - invalid ACK
256 Packet dropped - invalid method
257 Packet dropped - invalid ReferredBy:
258 Packet dropped - invalid ReferredTo:
259 Packet dropped - invalid BYE
260 Packet dropped - invalid CANCEL
261 Packet dropped - invalid INVITE
262 Packet dropped - invalid REGISTER
263 Packet dropped - SDP body not found
264 Packet dropped - bad SDP content length
265 Packet dropped - bad SDP c=
266 Packet dropped - bad SDP m=
267 Packet dropped - failed SDP processing
268 Packet dropped - Geo-IP block for init country
269 Packet dropped - Geo-IP block for resp country
270 Packet dropped - BOTNET block for init command and control center
271 Packet dropped - BOTNET block for resp command and control center
272 -
