Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS 5.8.1.15.71o)

03/26/2020 1,033 People found this article helpful 143,209 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    When viewing output on the Investigate | Packet Monitor page, there are two fields that display potentially useful diagnostic information in numeric format under Packet detail:

    • The Module-ID field provides information on the specific area of the firewall appliance's firmware that handled a particular packet.
    • The Drop-Code field provides a reason why the appliance dropped a particular packet.

      This article provides a list of the Module-ID and Drop-Code numbers along with their meanings.

      The following Drop-Codes were extracted from SonicOS Enhanced 5.8.1.15.71o firmware version, however these codes may change when a new firmware is available.

    Resolution

    When viewing output on the System > Packet Capture page, there are two fields that display potentially useful diagnostic information in numeric format. The Module-ID field provides information on the specific area of the firewall (UTM) appliance's firmware that handled a particular packet. The Drop-Code field provides a reason why the appliance dropped a particular packet. This article provides a list of the Module-ID and Drop-Code numbers along with their meanings.

    Please Note: The following Drop-Codes were extracted from SonicOS Enhanced 5.8.1.15-71o firmware version, however these codes may change when a new firmware is available. When unsure please contact SonicWall support.

    Module ID and Module Name:

    0
    1 adminTools
    2 attacks
    3 av
    4 bwmmgmt
    5 CIA
    6 cli
    7 cli2
    8 clients
    9 config
    10 connectionCache
    11 contentFilter
    12 dea
    13 debug
    14 dhcpRelay
    15 dhtml
    16 fileSystem
    17 fwCore
    18 ha
    19 idp
    20 ipHelper

    21 ipSec
    22 lib
    23 log
    24 modem
    25 netObj
    26 network
    27 packetFilter
    28 policy
    29 pppStack
    30 redirector
    31 reports
    32 resource
    33 sarc
    34 servers
    35 snmp
    36 spdpp
    37 stateful
    38 system
    39 TRAV2
    40 TSA

    41 USERS
    42 version
    43 wizards
    44 wlan
    45 wlb
    46 zones
    47 ARP
    48 system stack
    49 PPTP
    50 L2TP
    51 PPP-Dialup
    52 IGMP
    53 PPPOE
    54 NAT
    55 anti-spam
    56 NetMonitor
    57 Mirroring
    58 SIP
    59 BandOpt
    60

     

    Drop-Code:

     Error code and Name

    0
    1 Unknown Ether type.
    2 IPv6 packets not supported.
    3 Packet on invalid vlan
    4 Packet on invalid interface
    5 Invalid HA packet
    6 Invalid HA ARP packet
    7 PPPoE discover packet not allowed
    8 Invalid HA SDP packet
    9 Routing packet not allowed
    10 VLAN filtered.
    11 L2B Learning-Bridge filtered
    12 Invalid NET-ID found.
    13 Invalid Run-time NET data.
    14 Unknown ARP type.
    15 Arp reply ignored.
    16 IP address not for our subnet
    17 NULL source IP address
    18 Own gratuitous arp
    19 IP address not on our lan subnet
    20 Classical mode, ARP bridge not supported
    21 ARP proxy, subnet mismatch
    22 Not for me.
    23 Invalid TCP Flag
    24 Invalid TCP Options
    25 IP sanity test failed
    26 Non sonicpoint traffic in wlan zone
    27 Multicast spank attack
    28 Multicast Data packet dropped
    29 Load Balancing Probe error
    30 Syn Flood Protection
    31 IP source route option found
    32  Invalid connection cache.
    33 Unknown destination
    34 Bounce traffic detected
    35 Access Rule Policy not found
    36 AV detection
    37 DEA detection
    38 Bad TFTP packets
    39 Enforced firewall rule
    40  LICENSE drop
    41 IDP detection
    42 Packet to public IP from inside firewall
    43 Bad TTL
    44 IP check failed
    45 Bad source IP
    46 Bad destination MAC address
    47 Broadcast not allowed on bridge.
    48 Going to blacklisted server.
    49 coming from blacklisted server.
    50 Broadcast traffic not handled.
    51 Multicast forwarding not configured
    52 Multicast IGMP state not found
    53 Multicast IP not in the allowed list
    54 Anti-Spam Connection Limit Reached
    55 Active/Active UTM drop offload packet
    56 Unknown Ether type
    57 Incorrect IP Version
    58 Blacklisted MAC address
    59 Wrong IP Length
    60 Packet length mismatch with interface MTU
    61 Wrong fragmentation boundary.
    62  Wrong IP checksum value.
    63 Wrong TCP Checksum value.
    64 Wrong UDP Checksum value.
    65 Wrong ICMP Checksum value.
    66 NULL Udp port number
    67 Non PPP-GRE traffic
    68 Missing ESP Header
    69 Missing AH Header
    70 Missing IPCOMP Header
    71 Unknown IP protocol type
    72 TTL value is zero.
    73 l2 mcast but dest ip is unicast
    74 Null Source Zone.
    75 Wrong UDP Length.
    76 RECV: IP pkt recvd without IPCP session
    77 RECV: TNMP can't alloc contiguous buf
    78 XMIT: AHDLC encap no buf
    79 XMIT: TNMP can't alloc contiguous buf
    80 XMIT: Device not ready to forward traffic
    81 XMIT: No IPCP session
    82 XMIT: No Dialup Msg Buffer available
    83 Non Zero GIAddr field in DHCP packet from client
    84 Source MAC is different from chAddr field in DHCP client packet
    85 Iphelper policy not found for DHCP relay.
    86 Iphelper cache not found for DHCP.
    87 Zero NSID in Netbios request packet.
    88 Iphelper policy not found for Netbios.
    89 Iphelper cache not found for Netbios.
    90 Zero NSID in Netbios reply packet.
    91 Ingress interface is same as egress interface.
    92 DHCP server packet dropped, RPF check failed.
    93 Netbios packet dropped, RPF check failed.
    94 Other Application packet dropped, RPF check failed.
    95 Iphelper policy not found for other Application.
    96 Memory Allocation Error.
    97 Length Mismatch. Cant forward pkt!!!.
    98 Control message header size error.
    99 Drop GRE packet as call not yet established.
    100 Invalid GRE Flags or Caller ID.

    101 Invalid GRE sequence number.
    102 No payload for GRE packet.
    103 PPTP Tunnel is not up yet.
    104 PPTP Client is not enabled.
    105 PPTP Spin Lock Error.
    106 PPTP Flow Control Queuing Error.
    107 Error copying PPTP combuf chain to continuous buffer.
    108 Error fragmenting packet that is larger than PPTP MTU.
    109 Enforced Dial-on-Data restriction.
    110 PPPDU has not completed initialization.
    111 Error fragmenting packet that is larger than PPPDU MTU.
    112 PPPDU dropped packet because packet that is larger then PPPDU MTU and fragmentation is disabled.
    113 Packet received with DF bit Set and large than MTU
    114 PPP link is not up/available.
    115 The PPP buffer processing failed.
    116 Received PPP pkt but there is no existing PPP information.
    117 PPP Network Interface structure is NULL.
    118 PPP Virtual Interface structure is NULL.
    119 PPP dropped packet because it contains unknown protocol.
    120 PPP dropped packet because of transmission failure.
    121 PPP dropped packet because NCP is not open.
    122 PPP dropped packet because the LCP code is unacceptable.
    123 PPPOE packet has no payload.
    124 The PPPOE buffer processing failed.
    125 The PPPOE module is not yet ready.
    126 The PPPOE module is not enabled.
    127 The PPPOE module is not re/started with NTP packets.
    128 The PPPOE module dropped the packet because it was non-IP.
    129 PPPoE packet has unsupported version.
    130 Received PPPoE packet for non-existent PPP session
    131 PPPoE packet has an illegal session id.
    132 PPPoE packet has unknown ethertype.
    133 PPPoE packet is missing the service name tag.
    134 PPPoE packet was not transmitted.
    135 PPPoE packet dropped due to failure in adding enet header.
    136 L2TP Length Mismatch
    137 L2TP UDP checksum error
    138 L2TP buffer corrupted
    139 L2TP invalid tunnel
    140 L2TP invalid session
    141 L2TP Invalid source interface
    142 L2TP packet not encrypted
    143 L2TP Drop PPP control packet, session not established yet
    144 L2TP Tunnel/Seesion Invalid
    145 L2TP invalid pkt type
    146 L2TP invalid control msg
    147 L2TP unsupported version
    148 L2TP not enabled on this interface
    149 L2TP invalid packet
    150 L2TP invalid runtime data
    151 L2TP connection not UP
    152 L2TP memory allocation failed
    153 No IPSec tunnel active for this connection ,
    154 Invalid L2TP Mode ,
    155 Pkt pass to stack failed
    156 UDP length greater than 1500
    157 IP length greater than 1500
    158 Pkt authentication failed
    159 SA not found on lookup by SPI after decryption
    160 SA not found on lookup by SPI after encryption
    161 Failed to copy frag chain to contiguous buffer
    162 Pkt with SPI less than 256
    163 SA not found on lookup by SPI for inbound packet
    164 Pkt length smaller than expected
    165 Replayed Pkt
    166 Pkt received on invalid interface
    167 Expecting udp encapsulation
    168 Not expecting udp encapsulation
    169 Throughput regulator drop inbound pkt
    170 HW processing request error for inbound pkt
    171 AH auth failed
    172 ESP auth failed
    173 ESP decrypt failed
    174 Unknown protocol
    175 Nested tunnels not supported
    176 Pkt is not thru tunnell
    177 Pkt is not thru tunnel or l2tp transport mode
    178 Pkt not destined to mgmt interface
    179 Pkt from invalid peer
    180 VPN access list check failure
    181 Pkt does not match traffic selectors
    182 Pkt fragment not allowed
    183 DHCP pkt invalid IP length
    184 Octeon Decrypyion Failed for inbound packet
    185 Incoming packet's combuf Ip Length Error
    186 Combuf Ip Ptr Null Error
    187 Multicast sa not found
    188 SA not found on lookup by SPI for outbound pkt
    189 Incorrect src IP on mgmt SA
    190 Throughput regulator drop outbound pkt
    191 Insufficient command context for outbound pkt
    192 HW processing request error for outbound pkt
    193 Software esp decrypt processing request error
    194 Software esp auth processing request error
    195 Software ah auth processing request error
    196 Software null sa processing request error
    197 Software processing request error
    198 Combuf Fragmentation error
    199 Packet is large than MTU
    200 Packet received with DF bit Set and large than MTU

    201 Sequence overflow while encryting packet
    202 Encption error for out going packet
    203 Combuf Ip Ptr NUll Error
    204 Combuf Ip Length Error
    205 Next Hop ARP not Resolved
    206 Multicast buffer error
    207 No IGMP entry found
    208 No IGMP interface entry found
    209 Combuf fields mismatch iplen-enet not equal to etherhdr size
    210 IGMP wrong Checksum
    211 Multicast not enabled
    212 IGMP state table error
    213 IGMP message error
    214 IGMPV3 message error
    215 IGMP version not supported
    216 Multicast RTP stateful failed
    217 IP Spoof check failed
    218 OutGoing interface not available
    219 Cache pointer is NULL. NAT policy lookup cannot be performed
    220 NAT policy remap failed
    221 NAT policy unique remap port failed
    222 NAT policy lookup failed. Cache add aborted
    223 Connection cache is full
    224 Get VPN tunnel interface from policy failed
    225 Packet from bounced path
    226 Half open ESP connection
    227 Half open IPCOMP connection
    228 Allocate memory for connection cache failed
    229 Packet marked to be dropped on ingress
    230 Packet marked to be dropped on egress
    231 Packet dropped by BWM CBQ as there is no default queue
    232 Packet dropped by BWM CBQ as the queue is full
    233 Packet dropped by BWM ACKQ as the queue is full
    234 Packet dropped by BWM ACKQ as there is no default queue
    235 Packet dropped due to BWM spin lock error
    236 MAC-IP Anti-spoof check enforced for hosts.
    237 MAC-IP Anti-spoof cache not found for this router.
    238 MAC-IP Anti-spoof cache found, but it is not a router.
    239 MAC-IP Anti-spoof cache found, but it is blacklisted device.
    240 Packet dropped - IDP failure on sslspy packet
    241 Packet droppedd - Content filter failure on sslspy packet
    242 Packet dropped - failed processing
    243 Packet dropped - failed SIP pre-processing
    244 Packet dropped - failed SIP post-processing
    245 Packet dropped - unknown SIP method
    246 Packet dropped - unknown Call-ID in method
    247 Packet dropped - invalid Contact:
    248 Packet dropped - invalid Call-ID:
    249 Packet dropped - invalid Via:
    250 Packet dropped - invalid From:
    251 Packet dropped - invalid To:
    252 Packet dropped - invalid RecordRoute:
    253 Packet dropped - invalid Maddr:
    254 Packet dropped - invalid Route:
    255 Packet dropped - invalid ACK
    256 Packet dropped - invalid method
    257 Packet dropped - invalid ReferredBy:
    258 Packet dropped - invalid ReferredTo:
    259 Packet dropped - invalid BYE
    260 Packet dropped - invalid CANCEL
    261 Packet dropped - invalid INVITE
    262 Packet dropped - invalid REGISTER
    263 Packet dropped - SDP body not found
    264 Packet dropped - bad SDP content length
    265 Packet dropped - bad SDP c=
    266 Packet dropped - bad SDP m=
    267 Packet dropped - failed SDP processing
    268 Packet dropped - Geo-IP block for init country
    269 Packet dropped - Geo-IP block for resp country
    270 Packet dropped - BOTNET block for init command and control center
    271 Packet dropped - BOTNET block for resp command and control center
    272 -

     

     

    Related Articles

    • DHCP server packet dropped, RPF check failed
    • How to Block Facebook Apps using Application Control
    • How to disable DPI-SSL Client and DPI-SSL Server as per access rule?

    Categories

    • Firewalls > SonicWall NSA Series
    • Firewalls > SonicWall SuperMassive 9000 Series
    • Firewalls > SonicWall SuperMassive E10000 Series
    • Firewalls > TZ Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
      Scroll to top
      Trace:6e772ae5ec3bd53085d61ae1ba343a92-93