Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
Explanation of Drop code and Module-ID values in Packet Capture output (SonicOS 6.2.4.2-20n)
12/20/2019 
10 
21646
DESCRIPTION:
The Packet Monitor Feature on the SonicWall is one of the most powerful and useful tools for troubleshooting a wide variety of issues. Any Packets which pass through the SonicWall can be viewed, examined, and even exported to tools like Wireshark.
RESOLUTION:
When viewing output on the System | Packet Capture page, there are two fields that display potentially useful diagnostic information in numeric format. The Module-ID field provides information on the specific area of the firewall (UTM) appliance's firmware that handled a particular packet. The Drop-Code field provides a reason why the appliance dropped a particular packet. This article provides a list of the Module-ID and Drop-Code numbers along with their meanings.
NOTE:The following Drop Codes were extracted from SonicOS Enhanced 6.2.4.2 -20n firmware version. These codes may change when a new firmware is available. If unsure, please contact SonicWall support.
There are two ways to contact technical support:
1. Online: Visit mysonicwall.com. Once logged in select Resources & Support | Support | Create Case.
2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.
If you do not have a mysonicwall.com account create one for free!
0 1 adminTools |
|
|
| DROP CODES |
| Drop Code ID and name |
0 1 PIP handling error in CP 2 PIP handling error in DP 3 Packet on the backup aggregate interface, but no Sonic END can be found. 4 Broadcast packet on the backup redundant port when primary port is up. 5 Packet the redundancy port, but no Sonic END can be found. 6 CP throttled DP for stack traffic 7 Packet dropped due to pass to stack failed. 8 Packet dropped by outputhook. 9 Inter-blade Packet dropped due to CP pass to stack failed. 10 HA active data packet processing failed. 11 Packet dropped due to CP pass to stack failed. 12 Drop IEEE802 BPDU packet Becuase L2 Bridge block non-ip packets. 13 Dispatching IEEE802 BPDU packet failed. 14 IEEE 802 BPDU support module has not been initialized yet. 15 Invalide Ether type for IEEE 802 BPDU packet. 16 Invalide source address for IEEE 802 BPDU packet. 17 Unknown Ether type ingress. 18 Null Ether header egress. 19 Unknown Ether type egress. 20 IPv6 packets not supported. 21 Packet on invalid vlan 22 Packet ingress on invalid interface 23 Packet egress on invalid interface 24 Packet on invalid device 25 Destination MAC address is not our interface 26 Source MAC address is one of our Interface MAC 27 Device is not attached. 28 Packet on invalid svrrp group 29 Invalid HA packet 30 Invalid IPv6 HA packet 31 Invalid HA ARP packet 32 PPPoE discover packet not allowed 33 Invalid HA SDP packet 34 Routing packet not allowed 35 Routing packet not allowed for BGP packet 36 Routing packet not allowed for ZebOS 37 Routing packet not allowed for v6 ZebOS 38 VLAN filtered. 39 Unicast MACADDR not mine 40 L2B Learning-Bridge filtered 41 Invalid NET-ID found on mist if write. 42 Invalid NET-ID found on if write arp real. 43 Invalid NET-ID found on write ip fast. 44 Invalid NET-ID found on if write. 45 Invalid NET-ID found on if write no mbuf. 46 Invalid Run-time NET data on mist if write. 47 Invalid Run-time NET data on if write arp real. 48 Invalid Run-time NET data on write ip fast. 49 Invalid Run-time NET data on if write. 50 Invalid parent Run-time NET data on if write. 51 Invalid Run-time NET data on if write no mbuf. 52 Invalid parent Run-time NET data on if write no mbuf. 53 Unknown ARP type. 54 Arp reply ignored. 55 IP address not for our subnet 56 ARP unexpected link ip 57 ARP source ip not connected 58 NULL source IP address 59 Own gratuitous arp 60 IP address not on our lan subnet 61 Classical mode, ARP bridge not supported 62 ARP proxy, subnet mismatch 63 Not for me. 64 ARP glean disabled. 65 ARP request from stack 66 ARP response from stack 67 ARP fail to resolve from SonicPoint 68 ARP unknown ethernet address format 69 IP length of fragment UDP packets is too big(>65535), drop 70 Invalid TCP Flag(#1) 71 Invalid TCP Flag(#2) 72 Invalid TCP Options(#1) 73 Invalid TCP Options(#2) 74 Invalid TCP Options(#3) 75 Invalid TCP Options(#4) 76 IP sanity test failed 77 IP sanity test failed in out hook 78 IP advanced sanity test failed 79 Non sonicpoint traffic in wlan zone 80 Multicast spank attack 81 Multicast Data packet dropped 82 Load Balancing Probe error 83 Syn Flood Protection(#1) 84 Syn Flood Protection(#2) 85 Syn Flood Protection(#3) 86 Duplicated in Syn Flood Protection 87 IP source route option found 88 Invalid connection cache. 89 Invalid connection cache after lookup. 90 Unknown destination(#1) 91 Unknown destination(#2) 92 Unknown destination for bridged bcast pkt 93 Bounce traffic detected 94 Access Rule Policy not found 95 AV detection 96 SEC detection 97 DEA detection 98 Bad TFTP packets 99 Enforced firewall rule(#1) 100 Enforced firewall rule(#2) 101 LICENSE drop 102 IDP detection 103 IDP detection Relaod Signatures Database 104 IDP detection Attack Prevented(#1) 105 IDP detection Attack Prevented(#2) 106 IDP detection Fragmentation 107 IDP detection Block Retry Exception 108 IDP detection OOO Exceeded Max 109 IDP detection OOO Out of Buffers 110 IDP detection Keep Original 111 IDP detection, bad tcp checksum 112 IDP detection, bad ip checksum in tcp checking 113 IDP detection, bad ip checksum in tcp packet 114 IDP detection, bad udp checksum 115 IDP detection, bad ip checksum in udp checking 116 IDP detection, bad ip checksum in udp packet 117 IDP detection, bad icmp checksum 118 IDP detection, bad ip checksum in icmp checking 119 IDP detection, bad ip checksum in icmp packet 120 Packet to public IP from inside firewall 121 Bad TTL 122 IP check failed 123 Bad source IP(#1) 124 Bad source IP(#2) 125 Bad output source IP 126 Bad destination MAC address 127 Broadcast not allowed on bridge. 128 Antispam: Going to blacklisted server. 129 Going to blacklisted server. 130 coming from blacklisted server. 131 Broadcast traffic not handled. 132 Multicast forwarding not configured 133 Multicast IGMP state not found 134 Multicast IP not in the allowed list 135 Anti-Spam Connection Limit Reached 136 Active/Active DPI drop offload packet 137 UDP Flood Protection 138 ICMP Flood Protection 139 Guest Service not allowed 140 WLAN Guest Service not allowed 141 Unknown Ether type 142 Incorrect IP Version 143 Blacklisted MAC address 144 Greater IP Length 145 Less IP Length 146 TCP packet length mismatch with interface MTU 147 UDP packet length mismatch with interface MTU 148 Other protocol packet length mismatch with interface MTU 149 First fragment length less than minimum IP MTU 150 Wrong fragmentation boundary(#1). 151 Wrong fragmentation boundary(#2). 152 Wrong IP checksum value(#1). 153 Wrong IP checksum value(#2). 154 Wrong TCP Checksum value. 155 Wrong UDP Checksum value. 156 Wrong ICMP Checksum value(#1). 157 Wrong ICMP Checksum value(#2). 158 ICMP High perf error. 159 NULL Udp port number 160 Non PPP-GRE traffic 161 Missing ESP Header 162 Missing AH Header 163 Missing IPCOMP Header 164 Unknown IP protocol type(#1) 165 Unknown IP protocol type(#2) 166 TTL value is zero. 167 TTL value is zero, case two. 168 l2 mcast but dest ip is unicast(#1) 169 l2 mcast but dest ip is unicast(#2) 170 Null Source Zone. 171 Wrong UDP Length. 172 IGMP packets could not be fragmented 173 RECV: IP pkt recvd without IPCP session 174 RECV: IP pkt recvd without contiguous buf 175 RECV: IP pkt recvd without combuf 176 RECV: TNMP can't alloc contiguous buf 177 XMIT: AHDLC encap no buf 178 XMIT: TNMP can't alloc contiguous buf 179 XMIT: Device not ready to forward traffic 180 XMIT: No IPCP session 181 XMIT: IPCP is down 182 XMIT: No Dialup Msg Buffer available 183 Non Zero GIAddr field in DHCP packet from client 184 Source MAC is different from chAddr field in DHCP client packet 185 Iphelper policy not found for DHCP relay. 186 Iphelper cache not found for DHCP. 187 Zero NSID in Netbios request packet. 188 Iphelper policy not found for Netbios. 189 Iphelper cache not found for Netbios. 190 Zero NSID in Netbios reply packet when recv from server. 191 Zero NSID in Netbios reply packet when recv from client. 192 Zero NSID in Netbios reply packet. 193 Netbios client no egress element 194 Netbios server no egress element 195 Netbios client fail to create record 196 DHCP server fail to relay to client 197 DHCP client no egress element 198 DHCP client fail to create record 199 DHCP server, Ingress interface is same as egress interface. 200 Firewall, Ingress interface is same as egress interface. 201 Other Application, Ingress interface is same as egress interface. 202 Ingress interface is same as egress interface. 203 DHCP server packet dropped, RPF check failed. 204 Netbios client packet dropped, RPF check failed. 205 Netbios server packet dropped, RPF check failed. 206 Other Application relay to client failed 207 Other Application no egress element 208 Other Application fail to create record 209 Other Application packet dropped, RPF check failed. 210 Other Application client packet dropped, RPF check failed. 211 Other Application server packet dropped, RPF check failed. 212 Iphelper policy not found for other Application. 213 Iphelper policy not found for other Application when creating record. 214 Combuf Allocation Error. 215 Memory Allocation Error. 216 BSEG Memory Allocation Error. 217 Length Mismatch. Cant forward pkt!!!. 218 Control message header size error. 219 Drop GRE packet as call not yet established. 220 Invalid GRE Flags or Caller ID. 221 Invalid GRE sequence number. 222 No payload for GRE packet. 223 PPTP Tunnel is not up yet. 224 PPTP Client is not enabled. 225 PPTP WAN Write Spin Lock Error. 226 PPTP Spin Lock Error. 227 PPTP Flow Control Queuing Error. 228 Error copying PPTP combuf chain to continuous buffer. 229 Error fragmenting packet that is larger than PPTP MTU. 230 Enforced Dial-on-Data restriction. 231 PPPDU has not completed initialization. 232 Error fragmenting packet that is larger than PPPDU MTU. 233 PPPDU dropped packet because packet that is larger then PPPDU MTU and fragmentation is disabled. 234 Packet received with DF bit Set and large than MTU 235 PPP MLP link is not up/available. 236 PPP link is not up/available. 237 PPP link is not up. 238 PPP link is not opened. 239 The PPP buffer processing failed. 240 LCP: The PPP buffer is truncated. 241 The PPP buffer decompressing failed. 242 NCP: The PPP buffer is truncated. 243 PPP MLP pre-xmit error. 244 PPP MLP encapsulate error. 245 PPP MLP null pointer found. 246 PPP MLP no data packet. 247 PPP MLP link is not opened. 248 PPP MLP buffer decompressing failed. 249 PPP MLP BAP no netif nlinfo. 250 PPP MLP IP no netif nlinfo. 251 PPP MLP NBF no netif nlinfo. 252 PPP MLP VJCOMP no netif nlinfo. 253 PPP MLP VJCOMP decompressing failed. 254 PPP MLP VJUNCOMP no netif nlinfo. 255 PPP MLP VJUNCOMP decompressing failed. 256 PPP MLP IPX no netif nlinfo. 257 PPP MLP IPX decompressing failed. 258 PPP MLP AT no netif nlinfo. 259 PPP MLP 802.1 no netif nlinfo. 260 PPP MLP IBMSR no netif nlinfo. 261 PPP MLP DECLAN no netif nlinfo. 262 PPP MLP BRIDGE no netif nlinfo. 263 PPP MLP NBFCP no netif nlinfo. 264 PPP MLP IPCP no netif nlinfo. 265 The PPP PAP buffer processing failed. 266 The PPP CHAP buffer processing failed. 267 The PPP NCP buffer processing failed. 268 The PPP LCP buffer processing failed. 269 Received PPP pkt but there is no existing PPP information. 270 PPP Network Interface structure is NULL. 271 PPP Virtual Interface structure is NULL. 272 PPP no active link. 273 PPP dropped packet because it contains unknown protocol. 274 PPP dropped packet because of transmission failure. 275 PPP MLP NCP processing failed 276 PPP dropped packet because NCP is not open. 277 PPP dropped packet because the LCP code is unacceptable. 278 PPP dropped packet because the LCP code is unknown. 279 PPP HDLC PPPOE packet has no payload. 280 PPPOE packet has no payload. 281 The PPPOE buffer processing failed. 282 The PPPOE ingress buffer processing failed. 283 The PPPOE egress buffer processing failed. 284 PPPOE packet dropped because of NULL pointer. 285 PPPOE packet dropped because of NULL pointer in DP. 286 PPPOE packet dropped because BSEG allocation failed. 287 PPPOE packet dropped because buf put head action failed. 288 PPPOE packet dropped because PADO create PAD packet failed. 289 PPPOE packet dropped because PADI create PAD packet failed. 290 PPPOE packet dropped because PADR create PAD packet failed. 291 The PPP HDLC ingress buffer processing failed. 292 The PPP HDLC egress buffer processing failed. 293 The PPP HDLC dropped because of NULL pointer. 294 The PPP HDLC dropped because of NULL pointer in DP. 295 PPP HDLC packet dropped because BSEG allocation failed. 296 PPP HDLC packet dropped because buf put head action failed. 297 The PPP HDLC buffer processing failed. 298 The PPP HDLC PPPOE IPCP is not up. 299 The PPP HDLC PPPOE is not ready. 300 The PPP HDLC PPPOE is not ready in DP. 301 The PPPOE IPCP is not up. 302 The PPPOE module is not yet ready. 303 The PPPOE module is not yet ready in DP. 304 The PPP HDLC PPPOE is not enabled. 305 The PPP HDLC PPPOE is not enabled in DP. 306 The PPPOE module is not enabled. 307 The PPPOE module is not enabled in DP. 308 The PPP HDLC PPPOE is not re/started with NTP packets. 309 The PPP HDLC PPPOE is not re/started with NTP packets in DP. 310 The PPPOE module is not re/started with NTP packets. 311 The PPPOE module is not re/started with NTP packets in DP. 312 The PPP HDLC PPPOE is not re/started with non-IP packets. 313 The PPP HDLC PPPOE is not re/started with non-IP packets in DP. 314 The PPPOE module dropped the packet because it was non-IP. 315 The PPPOE module dropped the packet because it was non-IP in DP. 316 PPP HDLC PPPoE packet has unsupported version. 317 PPPoE packet has unsupported version. 318 Received PPP HDLC PPPOE packet for non-existent PPP session. 319 Received PPP HDLC PPPOE packet for non-existent PPP session in DP. 320 Received PPPoE packet for non-existent PPP session. 321 Received PPPoE packet for non-existent PPP session in DP. 322 PPPoE packet in ether type 'session' has an illegal session id. 323 PPPoE packet in ether type 'discovery' has an illegal session id. 324 PPPoE packet has unknown ethertype. 325 PPPoE packet is missing the service name tag. 326 PPPoE packet was not transmitted. 327 PPPoE packet dropped due to failure in adding enet header. 328 L2TP Length Mismatch 329 L2TP UDP checksum error 330 L2TP buffer corrupted 331 L2TP invalid tunnel 332 L2TP invalid session 333 L2TP Invalid source interface 334 L2TP packet not encrypted 335 L2TP Drop PPP control packet, session not established yet 336 L2TP Tunnel/Seesion Invalid 337 L2TP invalid pkt type 338 L2TP invalid control msg 339 L2TP unsupported version 340 L2TP invalid packet 341 L2TP not enabled on this interface 342 L2TP invalid runtime data 343 L2TP connection not UP 344 L2TP memory allocation failed 345 No IPSec tunnel active for this connection , 346 Invalid L2TP Mode , 347 Pkt pass to stack failed 348 UDP length greater than 1500 349 IP length greater than 1500 350 Pkt authentication failed 351 SA not found on lookup by SPI after decryption 352 SA not found on lookup by SPI after encryption 353 Failed to copy frag chain to contiguous buffer 354 Pkt with SPI less than 256 355 SA not found on lookup by SPI for inbound packet 356 Pkt length smaller than expected 357 Replayed Pkt 358 Pkt received on invalid interface 359 Expecting udp encapsulation 360 Not expecting udp encapsulation 361 Throughput regulator drop inbound pkt 362 Throughput regulator drop inbound pkt in CP 363 HW processing request error for inbound pkt 364 AH auth failed 365 ESP auth failed 366 ESP decrypt failed 367 Unknown protocol 368 Nested tunnels not supported 369 Pkt is not thru tunnell 370 Pkt is not thru tunnel or l2tp transport mode 371 Pkt not destined to mgmt interface 372 Pkt not destined to mgmt interface in CP 373 Pkt not destined to mgmt interface (non-octeon) 374 Pkt from invalid peer 375 VPN access list check failure 376 VPN access list check failure in CP 377 VPN access list check failure (non-octeon) 378 Pkt does not match traffic selectors 379 Pkt fragment not allowed 380 DHCP pkt invalid IP length 381 Octeon Decrypyion Failed for inbound packet 382 Octeon Decrypyion Failed for inbound packet on DP 383 Octeon Decrypyion Failed replay check 384 Octeon Decrypyion Failed non esp ike 385 Octeon Decrypyion Failed MAC compare 386 Octeon Decrypyion Failed Pad check 387 Octeon Decrypyion Failed policy version check 388 Octeon Decrypyion Failed policy direction check 389 Octeon Decrypyion Failed policy direction check on DP 390 Octeon Decrypyion Failed protocol check 391 Octeon Decrypyion Failed SA check 392 Octeon Decrypyion Failed inner checksum 393 Octeon Decrypyion Failed L4 checksum 394 Octeon Decrypyion Failed soft lifebyte check 395 Octeon Decrypyion Failed hard lifebyte check 396 Octeon Decrypyion Failed illegal conf check 397 Octeon Decrypyion Failed illegal auth check 398 Octeon Decrypyion Failed esp payload length check 399 Octeon Decrypyion Failed esp payload length check on DP 400 Octeon Decrypyion Failed esp payload align check 401 Octeon Decrypyion Failed sequence number check 402 Octeon Decrypyion Failed sequence number check on DP 403 Octeon Decrypyion Failed AH hdr len 404 Octeon Decrypyion Fa |
