Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 6.1
03/26/2020 
1021 
11943
DESCRIPTION:
Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 6.1.1.3-11n firmware)
RESOLUTION:
When viewing output on the System > Packet Monitor page, there are two fields that display potentially useful diagnostic information in numeric format. The Modue-ID field provides information on the specific area of the firewall (UTM) appliance's firmware that handled a particular packet. The Drop Code field provides a reason why the appliance dropped a particular packet. This article provides a list of the Module-ID and Drop-Code numbers along with their meanings
Please Note: The following Drop-Codes were extracted from SonicOS Enhanced 6.1.1.3 11n firmware version, however these codes may change when a new firmware isavailable. When unsure please contact SonicWall support. Module ID and Module Name: 0
1 adminTools
2 attacks
3 av
4 bwmmgmt
5 CIA
6 cli
7 clients
8 config
9 connectionCache
10 contentFilter
11 dea
12 debug
13 dhcpRelay
14 dhtml
15 fileSystem
16 fwCore
17 ha
18 idp
19 ipHelper
20 ipSec | 21 lib
22 log
23 modem
24 netObj
25 network
26 packetFilter
27 policy
28 pppStack
29 RADIUS acct
30 redirector
31 reports
32 resource
33 sarc
34 servers
35 snmp
36 spdpp
37 stateful
38 system
39 TRAV2
40 TSA | 41 USERS
42 version
43 wizards
44 wlan
45 wlb
46 zones
47 ARP
48 system stack
49 PPTP
50 L2TP
51 PPP-Dialup
52 IGMP
53 PPPOE
54 NAT
55 anti-spam
56 NetMonitor
57 Mirroring
58 SIP
59 BandOpt
60 |
| DROP CODES |
| Drop Code ID and name | Drop Code ID and name |
0
1 Unknown Ether type.
2 IPv6 packets not supported.
3 Packet on invalid vlan
4 Packet on invalid interface
5 Invalid HA packet
6 Invalid HA ARP packet
7 PPPoE discover packet not allowed
8 Invalid HA SDP packet
9 Routing packet not allowed
10 VLAN filtered.
11 Unicast MACADDR not mine
12 L2B Learning-Bridge filtered
13 Invalid NET-ID found.
14 Invalid Run-time NET data.
15 Unknown ARP type.
16 Arp reply ignored.
17 IP address not for our subnet
18 NULL source IP address
19 Own gratuitous arp
20 IP address not on our lan subnet
21 Classical mode, ARP bridge not supported
22 ARP proxy, subnet mismatch
23 Not for me.
24 Invalid TCP Flag
25 Invalid TCP Options
26 IP sanity test failed
27 Non sonicpoint traffic in wlan zone
28 Multicast spank attack
29 Multicast Data packet dropped
30 Load Balancing Probe error
31 Syn Flood Protection
32 IP source route option found
33 Invalid connection cache.
34 Unknown destination
35 Bounce traffic detected
36 Access Rule Policy not found
37 AV detection
38 DEA detection
39 Bad TFTP packets
40 Enforced firewall rule
41 LICENSE drop
42 IDP detection
43 Packet to public IP from inside firewall
44 Bad TTL
45 IP check failed
46 Bad source IP
47 Bad destination MAC address
48 Broadcast not allowed on bridge.
49 Going to blacklisted server.
50 coming from blacklisted server.
51 Broadcast traffic not handled.
52 Multicast forwarding not configured
53 Multicast IGMP state not found
54 Multicast IP not in the allowed list
55 Anti-Spam Connection Limit Reached
56 Active/Active DPI drop offload packet
57 UDP Flood Protection
58 ICMP Flood Protection
59 Unknown Ether type
60 Incorrect IP Version
61 Blacklisted MAC address
62 Wrong IP Length
63 Packet length mismatch with interface MTU
64 Wrong fragmentation boundary.
65 Wrong IP checksum value.
66 Wrong TCP Checksum value.
67 Wrong UDP Checksum value.
68 Wrong ICMP Checksum value.
69 NULL Udp port number
70 Non PPP-GRE traffic
71 Missing ESP Header
72 Missing AH Header
73 Missing IPCOMP Header
74 Unknown IP protocol type
75 TTL value is zero.
76 l2 mcast but dest ip is unicast
77 Null Source Zone.
78 Wrong UDP Length.
79 RECV: IP pkt recvd without IPCP session
80 RECV: TNMP can't alloc contiguous buf
81 XMIT: AHDLC encap no buf
82 XMIT: TNMP can't alloc contiguous buf
83 XMIT: Device not ready to forward traffic
84 XMIT: No IPCP session
85 XMIT: No Dialup Msg Buffer available
86 Non Zero GIAddr field in DHCP packet from client
87 Source MAC is different from chAddr field in DHCP client packet
88 Iphelper policy not found for DHCP relay.
89 Iphelper cache not found for DHCP.
90 Zero NSID in Netbios request packet.
91 Iphelper policy not found for Netbios.
92 Iphelper cache not found for Netbios.
93 Zero NSID in Netbios reply packet.
94 Ingress interface is same as egress interface.
95 DHCP server packet dropped, RPF check failed.
96 Netbios packet dropped, RPF check failed.
97 Other Application packet dropped, RPF check failed.
98 Iphelper policy not found for other Application.
99 Memory Allocation Error.
100 Length Mismatch. Cant forward pkt.
101 Control message header size error.
102 Drop GRE packet as call not yet established.
103 Invalid GRE Flags or Caller ID.
104 Invalid GRE sequence number.
105 No payload for GRE packet.
106 PPTP Tunnel is not up yet.
107 PPTP Client is not enabled.
108 PPTP Spin Lock Error.
109 PPTP Flow Control Queuing Error.
110 Error copying PPTP combuf chain to continuous buffer.
111 Error fragmenting packet that is larger than PPTP MTU.
112 Enforced Dial-on-Data restriction.
113 PPPDU has not completed initialization.
114 Error fragmenting packet that is larger than PPPDU MTU.
115 PPPDU dropped packet because packet that is larger then PPPDU MTU
and fragmentation is disabled.
116 Packet received with DF bit Set and large than MTU
117 PPP link is not up/available.
118 The PPP buffer processing failed.
119 Received PPP pkt but there is no existing PPP information.
120 PPP Network Interface structure is NULL.
121 PPP Virtual Interface structure is NULL.
122 PPP dropped packet because it contains unknown protocol.
123 PPP dropped packet because of transmission failure.
124 PPP dropped packet because NCP is not open.
125 PPP dropped packet because the LCP code is unacceptable.
126 PPPOE packet has no payload.
127 The PPPOE buffer processing failed.
128 The PPPOE module is not yet ready.
129 The PPPOE module is not enabled.
130 The PPPOE module is not re/started with NTP packets.
131 The PPPOE module dropped the packet because it was non-IP.
132 PPPoE packet has unsupported version.
133 Received PPPoE packet for non-existent PPP session
134 PPPoE packet has an illegal session id.
135 PPPoE packet has unknown ethertype.
136 PPPoE packet is missing the service name tag.
137 PPPoE packet was not transmitted.
138 PPPoE packet dropped due to failure in adding enet header.
139 L2TP Length Mismatch
140 L2TP UDP checksum error
141 L2TP buffer corrupted
142 L2TP invalid tunnel
143 L2TP invalid session
144 L2TP Invalid source interface
145 L2TP packet not encrypted
146 L2TP Drop PPP control packet, session not established yet
147 L2TP Tunnel/Seesion Invalid
148 L2TP invalid pkt type
149 L2TP invalid control msg
150 L2TP unsupported version |
151 L2TP not enabled on this interface
152 L2TP invalid packet
153 L2TP invalid runtime data
154 L2TP connection not UP
155 L2TP memory allocation failed
156 No IPSec tunnel active for this connection ,
157 Invalid L2TP Mode ,
158 Pkt pass to stack failed
159 UDP length greater than 1500
160 IP length greater than 1500
161 Pkt authentication failed
162 SA not found on lookup by SPI after decryption
163 SA not found on lookup by SPI after encryption
164 Failed to copy frag chain to contiguous buffer
165 Pkt with SPI less than 256
166 SA not found on lookup by SPI for inbound packet
167 Pkt length smaller than expected
168 Replayed Pkt
169 Pkt received on invalid interface
170 Expecting udp encapsulation
171 Not expecting udp encapsulation
172 Throughput regulator drop inbound pkt
173 HW processing request error for inbound pkt
174 AH auth failed
175 ESP auth failed
176 ESP decrypt failed
177 Unknown protocol
178 Nested tunnels not supported
179 Pkt is not thru tunnell
180 Pkt is not thru tunnel or l2tp transport mode
181 Pkt not destined to mgmt interface
182 Pkt from invalid peer
183 VPN access list check failure
184 Pkt does not match traffic selectors
185 Pkt fragment not allowed
186 DHCP pkt invalid IP length
187 Octeon Decrypyion Failed for inbound packet
188 Incoming packet's combuf Ip Length Error
189 Combuf Ip Ptr Null Error
190 Multicast sa not found
191 SA not found on lookup by SPI for outbound pkt
192 Incorrect src IP on mgmt SA
193 Throughput regulator drop outbound pkt
194 Insufficient command context for outbound pkt
195 HW processing request error for outbound pkt
196 Software esp decrypt processing request error
197 Software esp auth processing request error
198 Software ah auth processing request error
199 Software null sa processing request error
200 Software processing request error
201 Combuf Fragmentation error
202 Packet is large than MTU
203 Packet received with DF bit Set and large than MTU
204 Sequence overflow while encryting packet
205 Encption error for out going packet
206 Combuf Ip Ptr NUll Error
207 Combuf Ip Length Error
208 Next Hope ARP not Resolved
209 Multicast buffer error
210 No IGMP entry found
211 No IGMP interface entry found
212 Combuf fields mismatch iplen-enet not equal to etherhdr size
213 IGMP wrong Checksum
214 Multicast not enabled
215 IGMP state table error
216 IGMP message error
217 IGMPV3 message error
218 IGMP version not supported
219 Multicast RTP stateful failed
220 IP Spoof check failed
221 OutGoing interface not available
222 Cache pointer is NULL. NAT policy lookup cannot be performed
223 NAT policy remap failed
224 NAT policy unique remap port failed
225 NAT policy lookup failed. Cache add aborted
226 Connection cache is full
227 Get VPN tunnel interface from policy failed
228 Packet from bounced path
229 Half open ESP connection
230 Half open IPCOMP connection
231 Allocate memory for connection cache failed
232 Packet marked to be dropped on ingress
233 Packet marked to be dropped on egress
234 Packet dropped by BWM CBQ as there is no default queue
235 Packet dropped by BWM CBQ as the queue is full
236 Packet dropped by BWM ACKQ as the queue is full
237 Packet dropped by BWM ACKQ as there is no default queue
238 Packet dropped due to BWM spin lock error
239 MAC-IP Anti-spoof check enforced for hosts.
240 MAC-IP Anti-spoof cache not found for this router.
241 MAC-IP Anti-spoof cache found, but it is not a router.
242 MAC-IP Anti-spoof cache found, but it is blacklisted device.
243 Packet dropped - IDP failure on sslspy packet
244 Packet droppedd - Content filter failure on sslspy packet
245 Packet dropped - failed processing
246 Packet dropped - failed SIP pre-processing
247 Packet dropped - failed SIP post-processing
248 Packet dropped - unknown SIP method
249 Packet dropped - unknown Call-ID in method
250 Packet dropped - invalid Contact:
251 Packet dropped - invalid Call-ID:
252 Packet dropped - invalid Via:
253 Packet dropped - invalid From:
254 Packet dropped - invalid To:
255 Packet dropped - invalid RecordRoute:
256 Packet dropped - invalid Maddr:
257 Packet dropped - invalid Route:
258 Packet dropped - invalid ACK
259 Packet dropped - invalid method
260 Packet dropped - invalid ReferredBy:
261 Packet dropped - invalid ReferredTo:
262 Packet dropped - invalid BYE
263 Packet dropped - invalid CANCEL
264 Packet dropped - invalid INVITE
265 Packet dropped - invalid REGISTER
266 Packet dropped - SDP body not found
267 Packet dropped - bad SDP content length
268 Packet dropped - bad SDP c=
269 Packet dropped - bad SDP m=
270 Packet dropped - failed SDP processing
271 Packet dropped - Geo-IP block for init country
272 Packet dropped - Geo-IP block for resp country
273 Packet dropped - BOTNET block for init command and control center
274 Packet dropped - BOTNET block for resp command and control center
275 -
|
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
