Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 5.8.4

03/26/2020 7 People found this article helpful 198,653 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 5.8.4.0-7o firmware)

    Resolution

    When viewing output on the System > Packet Capture page, there are two fields that display potentially useful diagnostic information in numeric format. The Module-ID field provides information on the specific area of the firewall (UTM) appliance's firmware that handled a particular packet. The Drop-Code field provides a reason why the appliance dropped a particular packet. This article provides a list of the Module-ID and Drop-Code numbers along with their meanings.

    Please Note: The following Drop-Codes were extracted from SonicOS Enhanced 5.8.0.4-7o firmware version, however these codes may change when a new firmware is available. When unsure please contact SonicWall support.

    Module ID and Module Name:

    0
    1 adminTools
    2 attacks
    3 av
    4 bwmmgmt
    5 CIA
    6 cli
    7 cli2
    8 clients
    9 config
    10 connectionCache
    11 contentFilter
    12 dea
    13 debug
    14 dhcpRelay
    15 dhtml
    16 fileSystem
    17 fwCore
    18 ha
    19 idp
    20 ipHelper

    21 ipSec
    22 lib
    23 log
    24 modem
    25 netObj
    26 network
    27 packetFilter
    28 policy
    29 pppStack
    30 redirector
    31 reports
    32 resource
    33 sarc
    34 servers
    35 snmp
    36 spdpp
    37 stateful
    38 system
    39 TRAV2
    40 TSA

    41 USERS
    42 version
    43 wizards
    44 wlan
    45 wlb
    46 zones
    47 ARP
    48 system stack
    49 PPTP
    50 L2TP
    51 PPP-Dialup
    52 IGMP
    53 PPPOE
    54 NAT
    55 anti-spam
    56 NetMonitor
    57 Mirroring
    58 SIP
    59 BandOpt
    60

     

    Drop-Code:

     Error code and Name  

    0

    1 Unknown Ether type.
    2 IPv6 packets not supported.
    3 Packet on invalid vlan
    4 Packet on invalid interface
    5 Invalid HA packet
    6 Invalid HA ARP packet
    7 PPPoE discover packet not allowed
    8 Invalid HA SDP packet
    9 Routing packet not allowed
    10 VLAN filtered.
    11 L2B Learning-Bridge filtered
    12 Invalid NET-ID found.
    13 Invalid Run-time NET data.
    14 Unknown ARP type.
    15 Arp reply ignored.
    16 IP address not for our subnet
    17 NULL source IP address
    18 Own gratuitous arp
    19 IP address not on our lan subnet
    20 Classical mode, ARP bridge not supported
    21 ARP proxy, subnet mismatch
    22 Not for me.
    23 Invalid TCP Flag
    24 Invalid TCP Options
    25 IP sanity test failed
    26 Non sonicpoint traffic in wlan zone
    27 Multicast spank attack
    28 Multicast Data packet dropped
    29 Load Balancing Probe error
    30 Syn Flood Protection
    31 IP source route option found
    32 Invalid connection cache.
    33 Unknown destination
    34 Bounce traffic detected
    35 Access Rule Policy not found
    36 AV detection
    37 DEA detection
    38 Bad TFTP packets
    39 Enforced firewall rule
    40 LICENSE drop
    41 IDP detection
    42 Packet to public IP from inside firewall
    43 Bad TTL
    44 IP check failed
    45 Bad source IP
    46 Bad destination MAC address
    47 Broadcast not allowed on bridge.
    48 Going to blacklisted server.
    49 coming from blacklisted server.
    50 Broadcast traffic not handled.
    51 Multicast forwarding not configured
    52 Multicast IGMP state not found
    53 Multicast IP not in the allowed list
    54 Anti-Spam Connection Limit Reached
    55 Active/Active UTM drop offload packet
    56 Unknown Ether type
    57 Incorrect IP Version
    58 Blacklisted MAC address
    59 Wrong IP Length
    60 Packet length mismatch with interface
    MTU

    61 Wrong fragmentation boundary.
    62 Wrong IP checksum value.
    63 Wrong TCP Checksum value.
    64 Wrong UDP Checksum value.
    65 Wrong ICMP Checksum value.
    66 NULL Udp port number
    67 Non PPP-GRE traffic
    68 Missing ESP Header
    69 Missing AH Header
    70 Missing IPCOMP Header
    71 Unknown IP protocol type
    72 TTL value is zero.
    73 l2 mcast but dest ip is unicast
    74 Null Source Zone.
    75 Wrong UDP Length.
    76 RECV: IP pkt recvd without IPCP session
    77 RECV: TNMP can't alloc contiguous buf
    78 XMIT: AHDLC encap no buf
    79 XMIT: TNMP can't alloc contiguous buf
    80 XMIT: Device not ready to forward traffic
    81 XMIT: No IPCP session
    82 XMIT: No Dialup Msg Buffer available
    83 Non Zero GIAddr field in DHCP packet from client
    84 Source MAC is different from chAddr field in DHCP client packet
    85 Iphelper policy not found for DHCP relay.
    86 Iphelper cache not found for DHCP.
    87 Zero NSID in Netbios request packet.
    88 Iphelper policy not found for Netbios.
    89 Iphelper cache not found for Netbios.
    90 Zero NSID in Netbios reply packet.
    91 Ingress interface is same as egress interface.
    92 DHCP server packet dropped, RPF check failed.
    93 Netbios packet dropped, RPF check failed.
    94 Other Application packet dropped, RPF check failed.
    95 Iphelper policy not found for other Application.
    96 Memory Allocation Error.
    97 Length Mismatch. Cant forward pkt!!!.
    98 Control message header size error.
    99 Drop GRE packet as call not yet established.
    100 Invalid GRE Flags or Caller ID.

    .

    101 Invalid GRE sequence number.
    102 No payload for GRE packet.
    103 PPTP Tunnel is not up yet.
    104 PPTP Client is not enabled.
    105 PPTP Spin Lock Error.
    106 PPTP Flow Control Queuing Error.
    107 Error copying PPTP combuf chain to continuous buffer.
    108 Error fragmenting packet that is larger than PPTP MTU.
    109 Enforced Dial-on-Data restriction.
    110 PPPDU has not completed initialization.
    111 Error fragmenting packet that is larger than PPPDU MTU.
    112 PPPDU dropped packet because packet that is larger then PPPDU MTU and fragmentation is disabled.
    113 Packet received with DF bit Set and large than MTU
    114 PPP link is not up/available.
    115 The PPP buffer processing failed.
    116 Received PPP pkt but there is no existing PPP information.
    117 PPP Network Interface structure is NULL.
    118 PPP Virtual Interface structure is NULL.
    119 PPP dropped packet because it contains unknown protocol.
    120 PPP dropped packet because of transmission failure.
    121 PPP dropped packet because NCP is not open.
    122 PPP dropped packet because the LCP code is unacceptable.
    123 PPPOE packet has no payload.
    124 The PPPOE buffer processing failed.
    125 The PPPOE module is not yet ready.
    126 The PPPOE module is not enabled.
    127 The PPPOE module is not re/started with NTP packets.
    128 The PPPOE module dropped the packet because it was non-IP.
    129 PPPoE packet has unsupported version.
    130 Received PPPoE packet for non-existent PPP session
    131 PPPoE packet has an illegal session id.
    132 PPPoE packet has unknown ethertype.
    133 PPPoE packet is missing the service name tag.
    134 PPPoE packet was not transmitted.
    135 PPPoE packet dropped due to failure in adding enet header.
    136 L2TP Length Mismatch
    137 L2TP UDP checksum error
    138 L2TP buffer corrupted
    139 L2TP invalid tunnel
    140 L2TP invalid session
    141 L2TP Invalid source interface
    142 L2TP packet not encrypted
    143 L2TP Drop PPP control packet, session not established yet
    144 L2TP Tunnel/Seesion Invalid
    145 L2TP invalid pkt type
    146 L2TP invalid control msg
    147 L2TP unsupported version
    148 L2TP not enabled on this interface
    149 L2TP invalid packet
    150 L2TP invalid runtime data
    151 L2TP connection not UP
    152 L2TP memory allocation failed
    153 No IPSec tunnel active for this connection ,
    154 Invalid L2TP Mode ,
    155 Pkt pass to stack failed
    156 UDP length greater than 1500
    157 IP length greater than 1500
    158 Pkt authentication failed
    159 SA not found on lookup by SPI after decryption
    160 SA not found on lookup by SPI after encryption
    161 Failed to copy frag chain to contiguous buffer
    162 Pkt with SPI less than 256
    163 SA not found on lookup by SPI for inbound packet
    164 Pkt length smaller than expected
    165 Replayed Pkt
    166 Pkt received on invalid interface
    167 Expecting udp encapsulation
    168 Not expecting udp encapsulation
    169 Throughput regulator drop inbound pkt
    170 HW processing request error for inbound pkt
    171 AH auth failed
    172 ESP auth failed
    173 ESP decrypt failed
    174 Unknown protocol
    175 Nested tunnels not supported
    176 Pkt is not thru tunnell
    177 Pkt is not thru tunnel or l2tp transport mode
    178 Pkt not destined to mgmt interface
    179 Pkt from invalid peer
    180 VPN access list check failure
    181 Pkt does not match traffic selectors
    182 Pkt fragment not allowed
    183 DHCP pkt invalid IP length
    184 Octeon Decrypyion Failed for inbound packet
    185 Incoming packet's combuf Ip Length Error
    186 Combuf Ip Ptr Null Error
    187 Multicast sa not found
    188 SA not found on lookup by SPI for outbound pkt
    189 Incorrect src IP on mgmt SA
    190 Throughput regulator drop outbound pkt
    191 Insufficient command context for outbound pkt
    192 HW processing request error for outbound pkt
    193 Software esp decrypt processing request error
    194 Software esp auth processing request error
    195 Software ah auth processing request error
    196 Software null sa processing request error
    197 Software processing request error
    198 Combuf Fragmentation error
    199 Packet is large than MTU
    200 Packet received with DF bit Set and large than MTU

    201 Sequence overflow while encryting packet
    202 Encption error for out going packet
    203 Combuf Ip Ptr NUll Error
    204 Combuf Ip Length Error
    205 Next Hop ARP not Resolved
    206  Multicast buffer error
    207  No IGMP entry found
    208  No IGMP interface entry found
    209  Combuf fields mismatch iplen-enet not equal to etherhdr size
    210  IGMP wrong Checksum
    211  Multicast not enabled
    212  IGMP state table error
    213  IGMP message error
    214  IGMPV3 message error
    215  IGMP version not supported
    216  Multicast RTP stateful failed
    217 IP Spoof check failed
    218 OutGoing interface not available
    219 Cache pointer is NULL. NAT policy lookup cannot be performed

    220 Cache add to hash table failed
    221 NAT policy remap failed
    222 NAT policy generate unique remap port failed
    223 NAT policy lookup failed. Cache add aborted
    224 Connection cache is full
    225 Get VPN tunnel interface from policy failed
    226 Packet from bounced path
    227 Half open ESP connection
    228 Half open IPCOMP connection
    229 Allocate memory for connection cache failed
    230 NAT Remap: Source IP not found in NAT Policy's Original Source Address Object
    231 NAT Remap: Destination IP not found in NAT Policy's Original Destination Address Object
    232 NAT Remap: Service not found in NAT Policy's Original Service Object
    233 NAT Remap: Obtained invalid offset in original source
    234 NAT Remap: Obtained invalid offset in oringinal destination
    235 NAT Remap: Invalid address object type configured for original source
    236 NAT Remap: Invalid address object type configured for original destination
    237 NAT Remap: Invalid address object type configured for translated source
    238 NAT Remap: Obtained invalid translated source from original offset
    239 NAT Remap: Obtained invalid translated destination IP
    240 NAT Remap: Size of translated destination object is zero
    241 NAT Remap: Unable to find a host that is alive from translated destination pool
    242 NAT Remap: Size of translated service object is zero
    243 NAT Remap: Obtained invalid offset in original service
    244 NAT Remap: Obtained invalid translated service from original offset
    245 Packet marked to be dropped on ingress
    246 Packet marked to be dropped on egress
    247 Packet dropped by BWM CBQ as there is no default queue
    248 Packet dropped by BWM CBQ as the queue is full
    249 Packet dropped by BWM ACKQ as the queue is full
    250 Packet dropped by BWM ACKQ as there is no default queue
    251 Packet dropped due to BWM spin lock error
    252 MAC-IP Anti-spoof check enforced for hosts.
    253 MAC-IP Anti-spoof cache not found for this router.
    254 MAC-IP Anti-spoof cache found, but it is not a router.
    255 MAC-IP Anti-spoof cache found, but it is blacklisted
    device.

    256 Packet dropped - IDP failure on sslspy packet
    257 Packet droppedd - Content filter failure on sslspy packet
    258 Packet dropped - failed processing
    259 Packet dropped - failed SIP pre-processing
    260 Packet dropped - failed SIP post-processing
    261 Packet dropped - unknown SIP method
    262 Packet dropped - unknown Call-ID in method
    263 Packet dropped - invalid Contact:
    264 Packet dropped - invalid Call-ID:
    265 Packet dropped - invalid Via:
    266 Packet dropped - invalid From:
    267 Packet dropped - invalid To:
    268 Packet dropped - invalid RecordRoute:
    269 Packet dropped - invalid Maddr:
    270 Packet dropped - invalid Route:
    271 Packet dropped - invalid ACK
    272 Packet dropped - invalid method
    273 Packet dropped - invalid ReferredBy:
    274 Packet dropped - invalid ReferredTo:
    275 Packet dropped - invalid BYE
    276 Packet dropped - invalid CANCEL
    277 Packet dropped - invalid INVITE
    278 Packet dropped - invalid REGISTER
    279 Packet dropped - SDP body not found
    280 Packet dropped - bad SDP content length
    281 Packet dropped - bad SDP c=
    282 Packet dropped - bad SDP m=
    283 Packet dropped - failed SDP processing
    284 Packet dropped - Geo-IP block for init country
    285 Packet dropped - Geo-IP block for resp country
    286 Packet dropped - BOTNET block for init command and
    control center

    287 Packet dropped - BOTNET block for resp command and control center
    288 -

     

     

    Related Articles

    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI
    • Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

    Categories

    • Firewalls > TZ Series
    • Firewalls > SonicWall SuperMassive E10000 Series
    • Firewalls > SonicWall SuperMassive 9000 Series
    • Firewalls > SonicWall NSA Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top