Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS 6.2.5.1-26n)

03/26/2020 3 People found this article helpful 97,940 Views

Description

Explanation of Drop-Code and Module-ID Values in Packet Capture Output for SonicOS 6.2.5.1-26n.

Resolution

When viewing output in the System > Packet Capture page, there are two fields that display potentially useful diagnostic information in numeric format. The Module-ID field provides information on the specific area of the firewall appliance's firmware that handled a particular packet. The Drop-Code field provides a reason why the appliance dropped a particular packet. This article provides a list of the Module-ID and Drop-Code numbers along with their meanings.

Please Note: The following Drop Codes were extracted from SonicOS Enhanced 6.2.5.1-26n firmware version. These codes may change when a new firmware is available. If unsure, please contact SonicWall support.

Module-ID List
ID NAME 1 adminTools 2 attacks 3 av 4 bwmmgmt 5 CIA 6 cli 7 clients 8 config 9 connectionCache 10 contentFilter 11 dea 12 debug 13 dhcpRelay 14 dhtml 15 fileSystem 16 fwCore 17 ha 18 idp 19 ipHelper 20 ipSec 21 lib 22 log	ID NAME 23 modem 24 netObj 25 network 26 packetFilter 27 policy 28 pppStack 29 RADIUS acct 30 redirector 31 reports 32 resource 33 sarc 34 servers 35 snmp 36 spdpp 37 stateful 38 system 39 TRAV2 40 TSA 41 USERS 42 version 43 wizards 44 wlan 45 wlb	ID NAME 46 zones 47 ARP 48 system stack 49 PPTP 50 L2TP 51 PPP-Dialup 52 IGMP 53 PPPOE 54 NAT 55 anti-spam 56 NetMonitor 57 Mirroring 58 SIP 59 BandOpt 60 GMSFlow server 61 APPFlow server 62 QoS 63 IPv6 64 ICMPv6 65

Drop Code List

ID NAME

0

1 PIP handling error in CP

2 PIP handling error in DP

3 Packet on the backup aggregate interface, but no Sonic END can be found.

4 Broadcast packet on the backup redundant port when primary port is up.

5 Packet the redundancy port, but no Sonic END can be found.

6 CP throttled DP for stack traffic

7 Packet dropped due to pass to stack failed.

8 Packet dropped by outputhook.

9 Inter-blade Packet dropped due to CP pass to stack failed.

10 HA active data packet processing failed.

11 Packet dropped due to CP pass to stack failed.

12 Drop IEEE802 BPDU packet Becuase L2 Bridge block non-ip packets.

13 Dispatching IEEE802 BPDU packet failed.

14 IEEE 802 BPDU support module has not been initialized yet.

15 Invalide Ether type for IEEE 802 BPDU packet.

16 Invalide source address for IEEE 802 BPDU packet.

17 Unknown Ether type ingress.

18 Null Ether header egress.

19 Unknown Ether type egress.

20 IPv6 packets not supported.

21 Packet on invalid vlan

22 Packet ingress on invalid interface

23 Packet egress on invalid interface

24 Packet on invalid device

25 Destination MAC address is not our interface

26 Source MAC address is one of our Interface MAC

27 Device is not attached.

28 Packet on invalid svrrp group

29 Invalid HA packet

30 Invalid IPv6 HA packet

31 Invalid HA ARP packet

32 PPPoE discover packet not allowed

33 Invalid HA SDP packet

34 Routing packet not allowed

35 Routing packet not allowed for BGP packet

36 Routing packet not allowed for ZebOS

37 Routing packet not allowed for v6 ZebOS

38 VLAN filtered.

39 Unicast MACADDR not mine

40 L2B Learning-Bridge filtered

41 Invalid NET-ID found on mist if write.

42 Invalid NET-ID found on if write arp real.

43 Invalid NET-ID found on write ip fast.

44 Invalid NET-ID found on if write.

45 Invalid NET-ID found on if write no mbuf.

46 Invalid Run-time NET data on mist if write.

47 Invalid Run-time NET data on if write arp real.

48 Invalid Run-time NET data on write ip fast.

49 Invalid Run-time NET data on if write.

50 Invalid parent Run-time NET data on if write.

51 Invalid Run-time NET data on if write no mbuf.

52 Invalid parent Run-time NET data on if write no mbuf.

53 Unknown ARP type.

54 Arp reply ignored.

55 IP address not for our subnet

56 ARP unexpected link ip

57 ARP source ip not connected

58 NULL source IP address

59 Own gratuitous arp

60 IP address not on our lan subnet

61 Classical mode, ARP bridge not supported

62 ARP proxy, subnet mismatch

63 Not for me.

64 ARP glean disabled.

65 ARP request from stack

66 ARP response from stack

67 ARP fail to resolve from SonicPoint

68 ARP unknown ethernet address format

69 IP length of fragment UDP packets is too big(>65535), drop

70 Invalid TCP Flag(#1)

71 Invalid TCP Flag(#2)

72 Invalid TCP Options(#1)

73 Invalid TCP Options(#2)

74 Invalid TCP Options(#3)

75 Invalid TCP Options(#4)

76 IP sanity test failed

77 IP sanity test failed in out hook

78 IP advanced sanity test failed

79 Non sonicpoint traffic in wlan zone

80 Multicast spank attack

81 Multicast Data packet dropped

82 Load Balancing Probe error

83 Syn Flood Protection(#1)

84 Syn Flood Protection(#2)

85 Syn Flood Protection(#3)

86 Duplicated in Syn Flood Protection

87 IP source route option found

88 Invalid connection cache.

89 Invalid connection cache after lookup.

90 Unknown destination(#1)

91 Unknown destination(#2)

92 Unknown destination for bridged bcast pkt

93 Bounce traffic detected

94 Access Rule Policy not found

95 AV detection

96 SEC detection

97 DEA detection

98 Bad TFTP packets

99 Enforced firewall rule(#1)

100 Enforced firewall rule(#2)

101 Enforced Content Filter Policy

102 LICENSE drop

103 IDP detection

104 IDP detection Relaod Signatures Database

105 IDP detection Attack Prevented(#1)

106 IDP detection Attack Prevented(#2)

107 IDP detection Fragmentation

108 IDP detection Block Retry Exception

109 IDP detection OOO Exceeded Max

110 IDP detection OOO Out of Buffers

111 IDP detection Keep Original

112 IDP detection, bad tcp checksum

113 IDP detection, bad ip checksum in tcp checking

114 IDP detection, bad ip checksum in tcp packet

115 IDP detection, bad udp checksum

116 IDP detection, bad ip checksum in udp checking

117 IDP detection, bad ip checksum in udp packet

118 IDP detection, bad icmp checksum

119 IDP detection, bad ip checksum in icmp checking

120 IDP detection, bad ip checksum in icmp packet

121 Packet to public IP from inside firewall

122 Bad TTL

123 IP check failed

124 Bad source IP(#1)

125 Bad source IP(#2)

126 Bad output source IP

127 Bad destination MAC address

128 Broadcast not allowed on bridge.

129 Antispam: Going to blacklisted server.

130 Going to blacklisted server.

131 coming from blacklisted server.

132 Broadcast traffic not handled.

133 Multicast forwarding not configured

134 Multicast IGMP state not found

135 Multicast IP not in the allowed list

136 Anti-Spam Connection Limit Reached

137 Active/Active DPI drop offload packet

138 UDP Flood Protection

139 ICMP Flood Protection

140 UDP Flood Protection For IPv6

141 ICMPv6 Flood Protection

142 Control Plane Flood Protection

143 Guest Service not allowed

144 WLAN Guest Service not allowed

145 Unknown Ether type

146 Incorrect IP Version

147 Blacklisted MAC address

148 Greater IP Length

149 Less IP Length

150 TCP packet length mismatch with interface MTU

151 UDP packet length mismatch with interface MTU

152 Other protocol packet length mismatch with interface MTU

153 First fragment length less than minimum IP MTU

154 Wrong fragmentation boundary(#1).

155 Wrong fragmentation boundary(#2).

156 Wrong IP checksum value(#1).

157 Wrong IP checksum value(#2).

158 Wrong TCP Checksum value.

159 Wrong UDP Checksum value.

160 Wrong ICMP Checksum value(#1).

161 Wrong ICMP Checksum value(#2).

162 ICMP High perf error.

163 NULL Udp port number

164 Non PPP-GRE traffic

165 Missing ESP Header

166 Missing AH Header

167 Missing IPCOMP Header

168 Unknown IP protocol type(#1)

169 Unknown IP protocol type(#2)

170 TTL value is zero.

171 TTL value is zero, case two.

172 l2 mcast but dest ip is unicast(#1)

173 l2 mcast but dest ip is unicast(#2)

174 Null Source Zone.

175 Wrong UDP Length.

176 IGMP packets could not be fragmented

177 RECV: IP pkt recvd without IPCP session

178 RECV: IP pkt recvd without contiguous buf

179 RECV: IP pkt recvd without combuf

180 RECV: TNMP can't alloc contiguous buf

181 XMIT: AHDLC encap no buf

182 XMIT: TNMP can't alloc contiguous buf

183 XMIT: Device not ready to forward traffic

184 XMIT: No IPCP session

185 XMIT: IPCP is down

186 XMIT: No Dialup Msg Buffer available

187 Non Zero GIAddr field in DHCP packet from client

188 Source MAC is different from chAddr field in DHCP client packet

189 Iphelper policy not found for DHCP relay.

190 Iphelper cache not found for DHCP.

191 Zero NSID in Netbios request packet.

192 Iphelper policy not found for Netbios.

193 Iphelper cache not found for Netbios.

194 Zero NSID in Netbios reply packet when recv from server.

195 Zero NSID in Netbios reply packet when recv from client.

196 Zero NSID in Netbios reply packet.

197 Netbios client no egress element

198 Netbios server no egress element

199 Netbios client fail to create record

200 DHCP server fail to relay to client

201 DHCP client no egress element

202 DHCP client fail to create record

203 DHCP server, Ingress interface is same as egress interface.

204 Firewall, Ingress interface is same as egress interface.

205 Other Application, Ingress interface is same as egress interface.

206 Ingress interface is same as egress interface.

207 DHCP server packet dropped, RPF check failed.

208 Netbios client packet dropped, RPF check failed.

209 Netbios server packet dropped, RPF check failed.

210 Other Application relay to client failed

211 Other Application no egress element

212 Other Application fail to create record

213 Other Application packet dropped, RPF check failed.

214 Other Application client packet dropped, RPF check failed.

215 Other Application server packet dropped, RPF check failed.

216 Iphelper policy not found for other Application.

217 Iphelper policy not found for other Application when creating record.

218 Combuf Allocation Error.

219 Memory Allocation Error.

220 BSEG Memory Allocation Error.

221 Length Mismatch. Cant forward pkt!!!.

222 Control message header size error.

223 Drop GRE packet as call not yet established.

224 Invalid GRE Flags or Caller ID.

225 Invalid GRE sequence number.

226 No payload for GRE packet.

227 PPTP Tunnel is not up yet.

228 PPTP Client is not enabled.

229 PPTP WAN Write Spin Lock Error.

230 PPTP Spin Lock Error.

231 PPTP Flow Control Queuing Error.

232 Error copying PPTP combuf chain to continuous buffer.

233 Error fragmenting packet that is larger than PPTP MTU.

234 Enforced Dial-on-Data restriction.

235 PPPDU has not completed initialization.

236 Error fragmenting packet that is larger than PPPDU MTU.

237 PPPDU dropped packet because packet that is larger then PPPDU MTU and fragmentation is disabled.

238 Packet received with DF bit Set and large than MTU

239 PPP MLP link is not up/available.

240 PPP link is not up/available.

241 PPP link is not up.

242 PPP link is not opened.

243 The PPP buffer processing failed.

244 LCP: The PPP buffer is truncated.

245 The PPP buffer decompressing failed.

246 NCP: The PPP buffer is truncated.

247 PPP MLP pre-xmit error.

248 PPP MLP encapsulate error.

249 PPP MLP null pointer found.

250 PPP MLP no data packet.

251 PPP MLP link is not opened.

252 PPP MLP buffer decompressing failed.

253 PPP MLP BAP no netif nlinfo.

254 PPP MLP IP no netif nlinfo.

255 PPP MLP NBF no netif nlinfo.

256 PPP MLP VJCOMP no netif nlinfo.

257 PPP MLP VJCOMP decompressing failed.

258 PPP MLP VJUNCOMP no netif nlinfo.

259 PPP MLP VJUNCOMP decompressing failed.

260 PPP MLP IPX no netif nlinfo.

261 PPP MLP IPX decompressing failed.

262 PPP MLP AT no netif nlinfo.

263 PPP MLP 802.1 no netif nlinfo.

264 PPP MLP IBMSR no netif nlinfo.

265 PPP MLP DECLAN no netif nlinfo.

266 PPP MLP BRIDGE no netif nlinfo.

267 PPP MLP NBFCP no netif nlinfo.

268 PPP MLP IPCP no netif nlinfo.

269 The PPP PAP buffer processing failed.

270 The PPP CHAP buffer processing failed.

271 The PPP NCP buffer processing failed.

272 The PPP LCP buffer processing failed.

273 Received PPP pkt but there is no existing PPP information.

274 PPP Network Interface structure is NULL.

275 PPP Virtual Interface structure is NULL.

276 PPP no active link.

277 PPP dropped packet because it contains unknown protocol.

278 PPP dropped packet because of transmission failure.

279 PPP MLP NCP processing failed

280 PPP dropped packet because NCP is not open.

281 PPP dropped packet because the LCP code is unacceptable.

282 PPP dropped packet because the LCP code is unknown.

283 PPP HDLC PPPOE packet has no payload.

284 PPPOE packet has no payload.

285 The PPPOE buffer processing failed.

286 The PPPOE ingress buffer processing failed.

287 The PPPOE egress buffer processing failed.

288 PPPOE packet dropped because of NULL pointer.

289 PPPOE packet dropped because of NULL pointer in DP.

290 PPPOE packet dropped because BSEG allocation failed.

291 PPPOE packet dropped because buf put head action failed.

292 PPPOE packet dropped because PADO create PAD packet failed.

293 PPPOE packet dropped because PADI create PAD packet failed.

294 PPPOE packet dropped because PADR create PAD packet failed.

295 The PPP HDLC ingress buffer processing failed.

296 The PPP HDLC egress buffer processing failed.

297 The PPP HDLC dropped because of NULL pointer.

298 The PPP HDLC dropped because of NULL pointer in DP.

299 PPP HDLC packet dropped because BSEG allocation failed.

300 PPP HDLC packet dropped because buf put head action failed.

301 The PPP HDLC buffer processing failed.

302 The PPP HDLC PPPOE IPCP is not up.

303 The PPP HDLC PPPOE is not ready.

304 The PPP HDLC PPPOE is not ready in DP.

305 The PPPOE IPCP is not up.

306 The PPPOE module is not yet ready.

307 The PPPOE module is not yet ready in DP.

308 The PPP HDLC PPPOE is not enabled.

309 The PPP HDLC PPPOE is not enabled in DP.

310 The PPPOE module is not enabled.

311 The PPPOE module is not enabled in DP.

312 The PPP HDLC PPPOE is not re/started with NTP packets.

313 The PPP HDLC PPPOE is not re/started with NTP packets in DP.

314 The PPPOE module is not re/started with NTP packets.

315 The PPPOE module is not re/started with NTP packets in DP.

316 The PPP HDLC PPPOE is not re/started with non-IP packets.

317 The PPP HDLC PPPOE is not re/started with non-IP packets in DP.

318 The PPPOE module dropped the packet because it was non-IP.

319 The PPPOE module dropped the packet because it was non-IP in DP.

320 PPP HDLC PPPoE packet has unsupported version.

321 PPPoE packet has unsupported version.

322 Received PPP HDLC PPPOE packet for non-existent PPP session.

323 Received PPP HDLC PPPOE packet for non-existent PPP session in DP.

324 Received PPPoE packet for non-existent PPP session.

325 Received PPPoE packet for non-existent PPP session in DP.

326 PPPoE packet in ether type 'session' has an illegal session id.

327 PPPoE packet in ether type 'discovery' has an illegal session id.

328 PPPoE packet has unknown ethertype.

329 PPPoE packet is missing the service name tag.

330 PPPoE packet was not transmitted.

331 PPPoE packet dropped due to failure in adding enet header.

332 L2TP Length Mismatch

333 L2TP UDP checksum error

334 L2TP buffer corrupted

335 L2TP invalid tunnel

336 L2TP invalid session

337 L2TP Invalid source interface

338 L2TP packet not encrypted

339 L2TP Drop PPP control packet, session not established yet

340 L2TP Tunnel/Seesion Invalid

341 L2TP invalid pkt type

342 L2TP invalid control msg

343 L2TP unsupported version

344 L2TP invalid packet

345 L2TP not enabled on this interface

346 L2TP invalid runtime data

347 L2TP connection not UP

348 L2TP memory allocation failed

349 No IPSec tunnel active for this connection ,

350 Invalid L2TP Mode ,

351 Pkt pass to stack failed

352 UDP length greater than 1500

353 IP length greater than 1500

354 Pkt authentication failed

355 SA not found on lookup by SPI after decryption

356 SA not found on lookup by SPI after encryption

357 Failed to copy frag chain to contiguous buffer

358 Pkt with SPI less than 256

359 SA not found on lookup by SPI for inbound packet

360 Pkt length smaller than expected

361 Replayed Pkt

362 Pkt received on invalid interface

363 Expecting udp encapsulation

364 Not expecting udp encapsulation

365 Throughput regulator drop inbound pkt

366 Throughput regulator drop inbound pkt in CP

367 HW processing request error for inbound pkt

368 AH auth failed

369 ESP auth failed

370 ESP decrypt failed

371 Unknown protocol

372 Nested tunnels not supported

373 Pkt is not thru tunnell

374 Pkt is not thru tunnel or l2tp transport mode

375 Pkt not destined to mgmt interface

376 Pkt not destined to mgmt interface in CP

377 Pkt not destined to mgmt interface (non-octeon)

378 Pkt from invalid peer

379 VPN access list check failure

380 VPN access list check failure in CP

381 VPN access list check failure (non-octeon)

382 Pkt does not match traffic selectors

383 Pkt fragment not allowed

384 DHCP pkt invalid IP length

385 Octeon Decrypyion Failed for inbound packet

386 Octeon Decrypyion Failed for inbound packet on DP

387 Octeon Decrypyion Failed replay check

388 Octeon Decrypyion Failed non esp ike

389 Octeon Decrypyion Failed MAC compare

390 Octeon Decrypyion Failed Pad check

391 Octeon Decrypyion Failed policy version check

392 Octeon Decrypyion Failed policy direction check

393 Octeon Decrypyion Failed policy direction check on DP

394 Octeon Decrypyion Failed protocol check

395 Octeon Decrypyion Failed SA check

396 Octeon Decrypyion Failed inner checksum

397 Octeon Decrypyion Failed L4 checksum

398 Octeon Decrypyion Failed soft lifebyte check

399 Octeon Decrypyion Failed hard lifebyte check

400 Octeon Decrypyion Failed illegal conf check

401 Octeon Decrypyion Failed illegal auth check

402 Octeon Decrypyion Failed esp payload length check

403 Octeon Decrypyion Failed esp payload length check on DP

404 Octeon Decrypyion Failed esp payload align check

405 Octeon Decrypyion Failed sequence number check

406 Octeon Decrypyion Failed sequence number check on DP

407 Octeon Decrypyion Failed AH hdr len

408 Octeon Decrypyion Failed Selector check

409 Octeon Decrypyion inbound SA not found

410 Incoming packet's combuf Ip Length Error

411 Combuf Ip Ptr Null Error

412 Multicast sa not found

413 SA not found on lookup by SPI for outbound pkt

414 Incorrect src IP on mgmt SA

415 Throughput regulator drop outbound pkt

416 Throughput regulator drop outbound pkt in CP

417 Insufficient command context for outbound pkt

418 HW processing request error for outbound pkt

419 Software esp decrypt processing request error

420 Software esp auth processing request error

421 Software ah auth processing request error

422 Software null sa processing request error

423 Software processing request error

424 Software malloc combuf fragment error

425 Combuf Fragmentation error

426 Combuf Fragmentation disallowed(#1)

427 Combuf Fragmentation disallowed(#2)

428 Combuf Fragmentation error after encryption

429 Combuf Fragmentation error after encryption in CP

430 Packet is large than MTU

431 IPSec MTU is less than IPv6 standard header size(#1)

432 IPSec MTU is less than IPv6 standard header size(#2)

433 Packet is large than MTU after encryption

434 Packet received with DF bit Set and large than MTU

435 Packet received in IPv6 and large than MTU(#1)

436 Packet received in IPv6 and large than MTU(#2)

437 Sequence overflow while encryting packet

438 Encption error for out going packet

439 Combuf Ip Ptr NUll Error

440 Combuf Ip Length Error

441 Combuf Ipv6 Length Error

442 Next Hope MAC ARP error

443 Next Hope ARP not Resolved

444 Multicast buffer error

445 No IGMP entry found when leaving

446 No IGMP entry found when forwarding

447 No IGMP interface entry found

448 Combuf fields mismatch iplen-enet not equal to etherhdr size

449 IGMP wrong Checksum

450 Multicast not enabled

451 Multicast not enabled(IGMP)

452 IGMPv2 state table error

453 IGMPv3 state table error

454 IGMP message has invalid length

455 IGMP message has invalid destination

456 IGMP message has invalid subtype

457 IGMPv3 message has invalid data length

458 IGMPv3 message has less data record

459 IGMPv3 message is invalid

460 IGMP query message version is not supported

461 IGMP report message version is not supported

462 IGMP message version is unknown

463 IGMP version not supported

464 Multicast RTP stateful failed

465 IP Spoof check failed recorded in module conncache

466 IP Spoof check failed recorded in module network

467 OutGoing interface not available

468 OutGoing interface is invalid

469 OutGoing interface is invalid for V6(#1)

470 OutGoing interface is invalid for V6(#21)

471 OutGoing interface is invalid for V6(#3)

472 OutGoing interface is invalid for V6(#4)

473 OutGoing interface is invalid for V6(#5)

474 OutGoing interface is invalid for V6(#6)

475 OutGoing interface is invalid for V6(#7)

476 OutGoing interface is invalid for V6(#8)

477 Cache pointer is NULL. NAT policy lookup cannot be performed

478 Cache add to hash table failed

479 NAT policy remap failed for original src

480 NAT policy remap failed for original dst

481 NAT policy remap failed for original svc

482 NAT policy remap failed for translated src

483 NAT policy remap failed for translated dst

484 NAT policy remap failed for translated svc

485 NAT policy generate unique r

Not Finding Your Answers?

ASK THE COMMUNITY

Was This Article Helpful?

YES NO

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Capture Cloud Platform

Federal

Partner Portal

Support Portal

Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS 6.2.5.1-26n)

Description

Resolution

Related Articles

Categories

Not Finding Your Answers?

Was This Article Helpful?

Article Helpful Form

Article Not Helpful Form

Stay In Touch