Support on SonicWall Products, Services and Solutions
Browse Knowledgebase by Category
Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 5.9.0
03/26/2020 
1025 
10583
DESCRIPTION:
Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 5.9.0.6-3o firmware)
RESOLUTION:
When viewing output on the System > Packet Capture page, there are two fields that display potentially useful diagnosticinformation in numeric format. The Module-ID field provides information on the specific area of the firewall (UTM) appliance'sfirmware that handled a particular packet. The Drop-Code field provides a reason why the appliance dropped a particularpacket. This article provides a list of the Module-ID and Drop-Code numbers along with their meanings.
Please Note: The following Drop Codes were extracted from SonicOS Enhanced 5.9.0.6-3o firmware version. These codes may change when a new firmware is available. If unsure, please contact SonicWall support.
| 1 adminTools 2 attacks 3 av 4 bwmmgmt 5 CIA 6 cli 7 clients 8 config 9 connection Cache 10 contentFilter 11 dea 12 debug 13 dhcpRelay 14 dhtml 15 fileSystem 16 fwCore 17 ha 18 idp 19 ipHelper 20 ipSec | 21 lib 22 log 23 modem 24 netObj 25 network 26 packetFilter 27 policy 28 pppStack 29 RADIUS acct 30 redirector 31 reports 32 resource 33 sarc 34 servers 35 snmp 36 spdpp 37 stateful 38 system 39 TRAV2 40 TSA 41 USER | 42 version 43 wizards 44 wlan 45 wlb 46 zones 47 ARP 48 system stack 49 PPTP 50 L2TP 51 PPP-Dialup 52 IGMP 53 PPPOE 54 NAT 55 anti-spam 56 NetMonitor 57 Mirroring 58 SIP 59 BandOpt 60 QoS 61 IPv6 62 ICMPv6 63 |
| DROP CODES |
| Drop Code ID and name |
0 1 Unknown Ether type. 2 IPv6 packets not supported. 3 Packet on invalid vlan 4 Packet on invalid interface 5 Invalid HA packet 6 Invalid HA ARP packet 7 PPPoE discover packet not allowed 8 Invalid HA SDP packet 9 Routing packet not allowed 10 VLAN filtered. 11 L2B Learning-Bridge filtered 12 Invalid NET-ID found. 13 Invalid Run-time NET data. 14 Unknown ARP type. 15 Arp reply ignored. 16 IP address not for our subnet 17 NULL source IP address 18 Own gratuitous arp 19 IP address not on our lan subnet 20 Classical mode, ARP bridge not supported 21 ARP proxy, subnet mismatch 22 Not for me. 23 Invalid TCP Flag 24 Invalid TCP Options 25 IP sanity test failed 26 Non sonicpoint traffic in wlan zone 27 Multicast spank attack 28 Multicast Data packet dropped 29 Load Balancing Probe error 30 Syn Flood Protection 31 IP source route option found 32 Invalid connection cache. 33 Unknown destination 34 Bounce traffic detected 35 Access Rule Policy not found 36 AV detection 37 SEC detection 38 DEA detection 39 Bad TFTP packets 40 Enforced firewall rule 41 LICENSE drop 42 IDP detection 43 Packet to public IP from inside firewall 44 Bad TTL 45 IP check failed 46 Bad source IP 47 Bad destination MAC address 48 Broadcast not allowed on bridge. 49 Going to blacklisted server. 50 coming from blacklisted server. 51 Broadcast traffic not handled. 52 Multicast forwarding not configured 53 Multicast IGMP state not found 54 Multicast IP not in the allowed list 55 Anti-Spam Connection Limit Reached 56 Active/Active DPI drop offload packet 57 UDP Flood Protection 58 ICMP Flood Protection 59 Unknown Ether type 60 Incorrect IP Version 61 Blacklisted MAC address 62 Wrong IP Length 63 Packet length mismatch with interface MTU 64 Wrong fragmentation boundary. 65 Wrong IP checksum value. 66 Wrong TCP Checksum value. 67 Wrong UDP Checksum value. 68 Wrong ICMP Checksum value. 69 NULL Udp port number 70 Non PPP-GRE traffic 71 Missing ESP Header 72 Missing AH Header 73 Missing IPCOMP Header 74 Unknown IP protocol type 75 TTL value is zero. 76 l2 mcast but dest ip is unicast 77 Null Source Zone. 78 Wrong UDP Length. 79 RECV: IP pkt recvd without IPCP session 80 RECV: TNMP can't alloc contiguous buf 81 XMIT: AHDLC encap no buf 82 XMIT: TNMP can't alloc contiguous buf 83 XMIT: Device not ready to forward traffic 84 XMIT: No IPCP session 85 XMIT: No Dialup Msg Buffer available 86 Non Zero GIAddr field in DHCP packet from client 87 Source MAC is different from chAddr field in DHCP client packet 88 Iphelper policy not found for DHCP relay. 89 Iphelper cache not found for DHCP. 90 Zero NSID in Netbios request packet. 91 Iphelper policy not found for Netbios. 92 Iphelper cache not found for Netbios. 93 Zero NSID in Netbios reply packet. 94 Ingress interface is same as egress interface. 95 DHCP server packet dropped, RPF check failed. 96 Netbios packet dropped, RPF check failed. 97 Other Application packet dropped, RPF check failed. 98 Iphelper policy not found for other Application. 99 Memory Allocation Error. 100 Length Mismatch. Cant forward pkt!!!. 101 Control message header size error. 102 Drop GRE packet as call not yet established. 103 Invalid GRE Flags or Caller ID. 104 Invalid GRE sequence number. 105 No payload for GRE packet. 106 PPTP Tunnel is not up yet. 107 PPTP Client is not enabled. 108 PPTP Spin Lock Error. 109 PPTP Flow Control Queuing Error. 110 Error copying PPTP combuf chain to continuous buffer. 111 Error fragmenting packet that is larger than PPTP MTU. 112 Enforced Dial-on-Data restriction. 113 PPPDU has not completed initialization. 114 Error fragmenting packet that is larger than PPPDU MTU. 115 PPPDU dropped packet because packet that is larger then PPPDU MTU and fragmentation is disabled. 116 Packet received with DF bit Set and large than MTU 117 PPP link is not up/available. 118 The PPP buffer processing failed. 119 Received PPP pkt but there is no existing PPP information. 120 PPP Network Interface structure is NULL. 121 PPP Virtual Interface structure is NULL. 122 PPP dropped packet because it contains unknown protocol. 123 PPP dropped packet because of transmission failure. 124 PPP dropped packet because NCP is not open. 125 PPP dropped packet because the LCP code is unacceptable. 126 PPPOE packet has no payload. 127 The PPPOE buffer processing failed. 128 The PPPOE module is not yet ready. 129 The PPPOE module is not enabled. 130 The PPPOE module is not re/started with NTP packets. 131 The PPPOE module dropped the packet because it was non-IP. 132 PPPoE packet has unsupported version. 133 Received PPPoE packet for non-existent PPP session 134 PPPoE packet has an illegal session id. 135 PPPoE packet has unknown ethertype. 136 PPPoE packet is missing the service name tag. 137 PPPoE packet was not transmitted. 138 PPPoE packet dropped due to failure in adding enet header. 139 L2TP Length Mismatch 140 L2TP UDP checksum error 141 L2TP buffer corrupted 142 L2TP invalid tunnel 143 L2TP invalid session 144 L2TP Invalid source interface 145 L2TP packet not encrypted 146 L2TP Drop PPP control packet, session not established yet 147 L2TP Tunnel/Seesion Invalid 148 L2TP invalid pkt type 149 L2TP invalid control msg 150 L2TP unsupported version 151 L2TP not enabled on this interface 152 L2TP invalid packet 153 L2TP invalid runtime data 154 L2TP connection not UP 155 L2TP memory allocation failed 156 No IPSec tunnel active for this connection , 157 Invalid L2TP Mode , 158 Pkt pass to stack failed 159 UDP length greater than 1500 160 IP length greater than 1500 161 Pkt authentication failed 162 SA not found on lookup by SPI after decryption 163 SA not found on lookup by SPI after encryption 164 Failed to copy frag chain to contiguous buffer 165 Pkt with SPI less than 256 166 SA not found on lookup by SPI for inbound packet 167 Pkt length smaller than expected 168 Replayed Pkt 169 Pkt received on invalid interface 170 Expecting udp encapsulation 171 Not expecting udp encapsulation 172 Throughput regulator drop inbound pkt 173 HW processing request error for inbound pkt 174 AH auth failed 175 ESP auth failed 176 ESP decrypt failed 177 Unknown protocol 178 Nested tunnels not supported 179 Pkt is not thru tunnell 180 Pkt is not thru tunnel or l2tp transport mode 181 Pkt not destined to mgmt interface 182 Pkt from invalid peer 183 VPN access list check failure 184 Pkt does not match traffic selectors 185 Pkt fragment not allowed 186 DHCP pkt invalid IP length 187 Octeon Decrypyion Failed for inbound packet 188 Incoming packet's combuf Ip Length Error 189 Combuf Ip Ptr Null Error 190 Multicast sa not found 191 SA not found on lookup by SPI for outbound pkt 192 Incorrect src IP on mgmt SA 193 Throughput regulator drop outbound pkt 194 Insufficient command context for outbound pkt 195 HW processing request error for outbound pkt 196 Software esp decrypt processing request error 197 Software esp auth processing request error 198 Software ah auth processing request error 199 Software null sa processing request error 200 Software processing request error 201 Combuf Fragmentation error 202 Packet is large than MTU 203 Packet received with DF bit Set and large than MTU 204 Sequence overflow while encryting packet 205 Encption error for out going packet 206 Combuf Ip Ptr NUll Error 207 Combuf Ip Length Error 208 Next Hope ARP not Resolved 209 Multicast buffer error 210 No IGMP entry found 211 No IGMP interface entry found 212 Combuf fields mismatch iplen-enet not equal to etherhdr size 213 IGMP wrong Checksum 214 Multicast not enabled 215 IGMP state table error 216 IGMP message error 217 IGMPV3 message error 218 IGMP version not supported 219 Multicast RTP stateful failed 220 IP Spoof check failed 221 OutGoing interface not available 222 Cache pointer is NULL. NAT policy lookup cannot be performed 223 NAT policy remap failed 224 NAT policy unique remap port failed 225 NAT policy lookup failed. Cache add aborted 226 Connection cache is full 227 Get VPN tunnel interface from policy failed 228 Packet from bounced path 229 Half open ESP connection 230 Half open IPCOMP connection 231 Allocate memory for connection cache failed 232 Connection Cache Add Failed 233 Packet marked to be dropped on ingress 234 Packet marked to be dropped on egress 235 Packet dropped by BWM CBQ as there is no default queue 236 Packet dropped by BWM CBQ as the queue is full 237 Packet dropped by BWM ACKQ as the queue is full 238 Packet dropped by BWM ACKQ as there is no default queue 239 Packet dropped due to BWM spin lock error 240 MAC-IP Anti-spoof check enforced for hosts. 241 MAC-IP Anti-spoof cache not found for this router. 242 MAC-IP Anti-spoof cache found, but it is not a router. 243 MAC-IP Anti-spoof cache found, but it is blacklisted device. 244 Packet dropped - IDP failure on sslspy packet 245 Packet droppedd - Content filter failure on sslspy packet 246 Packet dropped - failed processing 247 Packet dropped - failed SIP pre-processing 248 Packet dropped - failed SIP post-processing 249 Packet dropped - unknown SIP method 250 Packet dropped - unknown Call-ID in method 251 Packet dropped - invalid Contact: 252 Packet dropped - invalid Call-ID: 253 Packet dropped - invalid Via: 254 Packet dropped - invalid From: 255 Packet dropped - invalid To: 256 Packet dropped - invalid RecordRoute: 257 Packet dropped - invalid Maddr: 258 Packet dropped - invalid Route: 259 Packet dropped - invalid ACK 260 Packet dropped - invalid method 261 Packet dropped - invalid ReferredBy: 262 Packet dropped - invalid ReferredTo: 263 Packet dropped - invalid BYE 264 Packet dropped - invalid CANCEL 265 Packet dropped - invalid INVITE 266 Packet dropped - invalid REGISTER 267 Packet dropped - SDP body not found 268 Packet dropped - bad SDP content length 269 Packet dropped - bad SDP c= 270 Packet dropped - bad SDP m= 271 Packet dropped - failed SDP processing 272 Packet dropped - Geo-IP block for init country 273 Packet dropped - Geo-IP block for resp country 274 Packet dropped - BOTNET block for init command and control center 275 Packet dropped - BOTNET block for resp command and control center 276 Packet dropped - HA not allowed 277 IPv6 Internal Error 278 IPv6 packet with option. 279 IPv6 next header validation failed. 280 IPv6 virtual firewall ID not found. 281 IPv6 packets on non IPv6 enabled interface. 282 IPv6 interface state is DOWN. 283 Source Zone is not defined. 284 Invalid TCP flag detected. 285 Firewall rul applied. 286 Connection cache add failed. 287 Cleanup needed for connection cache failed . 288 Maximum hop allowed for this IPv6 packet has reached. 289 Src IP as link local but pkt not for us. 290 SRC RPF Failed 291 Pkt need redirection, not supported 292 Stack destined packet, cant handle for now. 293 IPv6 packet with ICMPv4. 294 Interface has no IP addresses. 295 Dest IP as solNode mcast but not for us 296 Src IP is not valid 297 Source IP is spoofed 298 Null Dst IP 299 NULL src IP, not supported 300 Src IP is non unicast pkt 301 Dst route not found 302 Dst IP is LLU but not for us 303 Dst IP is non unicast pkt 304 Dst IF same as SRc IF, redirect not supported 305 Dst IF is not V6 enabled 306 AH and ESP extn hdr found, dropped 307 ipLen mismatch with payloadLen 308 No 6to4 relay Ip specified 309 Non 2002:: src ip packet destined for 6to4 relay 310 Incoming Ipv6 tunnel pkt failed for IPspoof 311 Incoming Ipv6 tunnel pkt from stack 312 Incoming IPv6 tunnel pkt failed for IPspoof 313 Non unicast pkt trying for tunnel to relay 314 pkt in from tunnel and going back to tunnel 315 pkt in from relay and going back to relay 316 Connection initiated from WAN ZONE, not allowed 317 Connection initiated from WLAN ZONE, not allowed 318 No cache but tcp packet with no syn 319 failed to resolve ngbr 320 pkt destined to us, management via IPv6 not allowed 321 Source IP is a multicast address 322 pkt dropped due to ndpp rules 323 IPv6 address is reserved 324 internal ICMP module error 325 Not allowed to reply on ping pkt 326 Parsing inner ICMPv6 error payload as non UDP/ICMPv6 327 Parsing inner ICMPv6 error payload as non UDP/ICMPv6 328 Wrong hopLimit in the IP header 329 ICMP echo reply not allowed on dst Ip as mcast. 330 incoming interface is not v6 enabled 331 src ip not in our subnet 332 unknown icmp type 333 fragmented icmpv6 packet 334 icmpv6 packet from tunnel interface 335 echo packet with null srcip 336 pkt with null srcIp not directed at multicast dst ip 337 Sol message srcIP is null but option is present dropped 338 reply option received. 339 Unknown option. 340 No option but dstIP is multicast. 341 bad length in ngbr sol msg. 342 bad icmp len 343 bad length in rtr sol msg, dropped. 344 Unknown option, discarded. 345 target option received, discarded. 346 bad length in ngbr adv msg, dropped. 347 Unknown option, discarded. 348 source option received, discarded. 349 icmpv6 smurf amplification, dropped. 350 - |
