Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 6.1

03/26/2020 1,021 People found this article helpful 117,867 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Explanation of Drop code and Module-ID Values in Packet Capture Output (SonicOS Enhanced 6.1.1.3-11n firmware)

    Resolution

    When viewing output on the System > Packet Monitor page, there are two fields that display potentially useful diagnostic information in numeric format. The Modue-ID field provides information on the specific area of the firewall (UTM) appliance's firmware that handled a particular packet. The Drop Code field provides a reason why the appliance dropped a particular packet. This article provides a list of the Module-ID and Drop-Code numbers along with their meanings

    Please Note: The following Drop-Codes were extracted from SonicOS Enhanced 6.1.1.3 11n firmware version, however these codes may change when a new firmware isavailable. When unsure please contact SonicWall support.

    Module ID and Module Name:
     
    0            
    1            adminTools
    2            attacks
    3            av
    4            bwmmgmt
    5            CIA
    6            cli
    7            clients
    8            config
    9            connectionCache
    10          contentFilter
    11          dea
    12          debug
    13          dhcpRelay
    14          dhtml
    15          fileSystem
    16          fwCore
    17          ha
    18          idp
    19          ipHelper
    20          ipSec
    21          lib
    22          log
    23          modem
    24          netObj
    25          network
    26          packetFilter
    27          policy
    28          pppStack
    29          RADIUS acct
    30          redirector
    31          reports
    32          resource
    33          sarc
    34          servers
    35          snmp
    36          spdpp
    37          stateful
    38          system
    39          TRAV2
    40          TSA
    41          USERS
    42          version
    43          wizards
    44          wlan
    45          wlb
    46          zones
    47          ARP
    48          system stack
    49          PPTP
    50          L2TP
    51          PPP-Dialup
    52          IGMP
    53          PPPOE
    54          NAT
    55          anti-spam
    56          NetMonitor
    57          Mirroring
    58          SIP
    59          BandOpt
    60     
     
    DROP CODES
    Drop Code ID and nameDrop Code ID and name
    0  
    1  Unknown Ether type.
    2  IPv6 packets not supported.
    3  Packet on invalid vlan
    4  Packet on invalid interface
    5  Invalid HA packet
    6  Invalid HA ARP packet
    7  PPPoE discover packet not allowed
    8  Invalid HA SDP packet
    9  Routing packet not allowed
    10  VLAN filtered.
    11  Unicast MACADDR not mine
    12  L2B Learning-Bridge filtered
    13  Invalid NET-ID found.
    14  Invalid Run-time NET data.
    15  Unknown ARP type.
    16  Arp reply ignored.
    17  IP address not for our subnet
    18  NULL source IP address
    19  Own gratuitous arp
    20  IP address not on our lan subnet
    21  Classical mode, ARP bridge not supported
    22  ARP proxy, subnet mismatch
    23  Not for me.
    24  Invalid TCP Flag
    25  Invalid TCP Options
    26  IP sanity test failed
    27  Non sonicpoint traffic in wlan zone
    28  Multicast spank attack
    29  Multicast Data packet dropped
    30  Load Balancing Probe error
    31  Syn Flood Protection
    32  IP source route option found
    33  Invalid connection cache.
    34  Unknown destination
    35  Bounce traffic detected
    36  Access Rule Policy not found
    37  AV detection
    38  DEA detection
    39  Bad TFTP packets
    40  Enforced firewall rule
    41  LICENSE drop
    42  IDP detection
    43  Packet to public IP from inside firewall
    44  Bad TTL
    45  IP check failed
    46  Bad source IP
    47  Bad destination MAC address
    48  Broadcast not allowed on bridge.
    49  Going to blacklisted server.
    50  coming from blacklisted server.
    51  Broadcast traffic not handled.
    52  Multicast forwarding not configured
    53  Multicast IGMP state not found 
    54  Multicast IP not in the allowed list
    55  Anti-Spam Connection Limit Reached
    56  Active/Active DPI drop offload packet
    57  UDP Flood Protection
    58  ICMP Flood Protection
    59  Unknown Ether type
    60  Incorrect IP Version
    61  Blacklisted MAC address
    62  Wrong IP Length
    63  Packet length mismatch with interface MTU
    64  Wrong fragmentation boundary.
    65  Wrong IP checksum value.
    66  Wrong TCP Checksum value.
    67  Wrong UDP Checksum value.
    68  Wrong ICMP Checksum value.
    69  NULL Udp port number
    70  Non PPP-GRE traffic
    71  Missing ESP Header
    72  Missing AH Header
    73  Missing IPCOMP Header
    74  Unknown IP protocol type
    75  TTL value is zero.
    76  l2 mcast but dest ip is unicast
    77  Null Source Zone.
    78  Wrong UDP Length.
    79  RECV: IP pkt recvd without IPCP session
    80  RECV: TNMP can't alloc contiguous buf
    81  XMIT: AHDLC encap no buf
    82  XMIT: TNMP can't alloc contiguous buf
    83  XMIT: Device not ready to forward traffic
    84  XMIT: No IPCP session
    85  XMIT: No Dialup Msg Buffer available
    86  Non Zero GIAddr field in DHCP packet from client
    87  Source MAC is different from chAddr field in DHCP client packet
    88  Iphelper policy not found for DHCP relay.
    89  Iphelper cache not found for DHCP.
    90  Zero NSID in Netbios request packet.
    91  Iphelper policy not found for Netbios.
    92  Iphelper cache not found for Netbios.
    93  Zero NSID in Netbios reply packet.
    94  Ingress interface is same as egress interface.
    95  DHCP server packet dropped, RPF check failed.
    96  Netbios packet dropped, RPF check failed.
    97  Other Application packet dropped, RPF check failed.
    98  Iphelper policy not found for other Application.
    99  Memory Allocation Error.
    100  Length Mismatch. Cant forward pkt.

    101  Control message header size error.
    102  Drop GRE packet as call not yet established.
    103  Invalid GRE Flags or Caller ID.
    104  Invalid GRE sequence number.
    105  No payload for GRE packet.
    106  PPTP Tunnel is not up yet.
    107  PPTP Client is not enabled.
    108  PPTP Spin Lock Error.
    109  PPTP Flow Control Queuing Error.
    110  Error copying PPTP combuf chain to continuous buffer.
    111  Error fragmenting packet that is larger than PPTP MTU.
    112  Enforced Dial-on-Data restriction.
    113  PPPDU has not completed initialization.
    114  Error fragmenting packet that is larger than PPPDU MTU.
    115  PPPDU dropped packet because packet that is larger then PPPDU MTU
            and fragmentation is disabled.
    116  Packet received with DF bit Set and large than MTU 
    117  PPP link is not up/available.
    118  The PPP buffer processing failed.
    119  Received PPP pkt but there is no existing PPP information.
    120  PPP Network Interface structure is NULL.
    121  PPP Virtual Interface structure is NULL.
    122  PPP dropped packet because it contains unknown protocol.
    123  PPP dropped packet because of transmission failure.
    124  PPP dropped packet because NCP is not open.
    125  PPP dropped packet because the LCP code is unacceptable.
    126  PPPOE packet has no payload.
    127  The PPPOE buffer processing failed.
    128  The PPPOE module is not yet ready.
    129  The PPPOE module is not enabled.
    130  The PPPOE module is not re/started with NTP packets.
    131  The PPPOE module dropped the packet because it was non-IP.
    132  PPPoE packet has unsupported version.
    133  Received PPPoE packet for non-existent PPP session
    134  PPPoE packet has an illegal session id.
    135  PPPoE packet has unknown ethertype.
    136  PPPoE packet is missing the service name tag.
    137  PPPoE packet was not transmitted.
    138  PPPoE packet dropped due to failure in adding enet header.
    139  L2TP Length Mismatch
    140  L2TP UDP checksum error
    141  L2TP buffer corrupted
    142  L2TP invalid tunnel
    143  L2TP invalid session
    144  L2TP Invalid source interface
    145  L2TP packet not encrypted
    146  L2TP Drop PPP control packet, session not established yet
    147  L2TP Tunnel/Seesion Invalid 
    148  L2TP invalid pkt type
    149  L2TP invalid control msg
    150  L2TP unsupported version

    151  L2TP not enabled on this interface
    152  L2TP invalid packet
    153  L2TP invalid runtime data
    154  L2TP connection not UP
    155  L2TP memory allocation failed
    156  No IPSec tunnel active for this connection ,
    157  Invalid L2TP Mode ,
    158  Pkt pass to stack failed
    159  UDP length greater than 1500
    160  IP length greater than 1500
    161  Pkt authentication failed
    162  SA not found on lookup by SPI after decryption 
    163  SA not found on lookup by SPI after encryption
    164  Failed to copy frag chain to contiguous buffer
    165  Pkt with SPI less than 256
    166  SA not found on lookup by SPI for inbound packet
    167  Pkt length smaller than expected
    168  Replayed Pkt
    169  Pkt received on invalid interface
    170  Expecting udp encapsulation
    171  Not expecting udp encapsulation
    172  Throughput regulator drop inbound pkt
    173  HW processing request error for inbound pkt
    174  AH auth failed
    175  ESP auth failed
    176  ESP decrypt failed
    177  Unknown protocol
    178  Nested tunnels not supported
    179  Pkt is not thru tunnell
    180  Pkt is not thru tunnel or l2tp transport mode
    181  Pkt not destined to mgmt interface
    182  Pkt from invalid peer
    183  VPN access list check failure
    184  Pkt does not match traffic selectors
    185  Pkt fragment not allowed
    186  DHCP pkt invalid IP length
    187  Octeon Decrypyion Failed for inbound packet
    188  Incoming packet's combuf Ip Length Error
    189  Combuf Ip Ptr Null Error
    190  Multicast sa not found
    191  SA not found on lookup by SPI for outbound pkt
    192  Incorrect src IP on mgmt SA
    193  Throughput regulator drop outbound pkt
    194  Insufficient command context for outbound pkt
    195  HW processing request error for outbound pkt
    196  Software esp decrypt processing request error
    197  Software esp auth processing request error
    198  Software ah auth processing request error
    199  Software null sa processing request error
    200  Software processing request error

    201  Combuf Fragmentation error
    202  Packet is large than MTU 
    203  Packet received with DF bit Set and large than MTU 
    204  Sequence overflow while encryting packet
    205  Encption error for out going packet
    206  Combuf Ip Ptr NUll Error
    207  Combuf Ip Length Error
    208  Next Hope ARP not Resolved
    209   Multicast buffer error
    210   No IGMP entry found
    211   No IGMP interface entry found
    212   Combuf fields mismatch iplen-enet not equal to etherhdr size
    213   IGMP wrong Checksum
    214   Multicast not enabled
    215   IGMP state table error
    216   IGMP message error
    217   IGMPV3 message error
    218   IGMP version not supported
    219   Multicast RTP stateful failed
    220  IP Spoof check failed
    221  OutGoing interface not available
    222  Cache pointer is NULL. NAT policy lookup cannot be performed
    223  NAT policy remap failed
    224  NAT policy unique remap port failed
    225  NAT policy lookup failed. Cache add aborted
    226  Connection cache is full
    227  Get VPN tunnel interface from policy failed
    228  Packet from bounced path
    229  Half open ESP connection
    230  Half open IPCOMP connection
    231  Allocate memory for connection cache failed
    232  Packet marked to be dropped on ingress
    233  Packet marked to be dropped on egress
    234  Packet dropped by BWM CBQ as there is no default queue
    235  Packet dropped by BWM CBQ as the queue is full
    236  Packet dropped by BWM ACKQ as the queue is full
    237  Packet dropped by BWM ACKQ as there is no default queue
    238  Packet dropped due to BWM spin lock error
    239  MAC-IP Anti-spoof check enforced for hosts.
    240  MAC-IP Anti-spoof cache not found for this router.
    241  MAC-IP Anti-spoof cache found, but it is not a router.
    242  MAC-IP Anti-spoof cache found, but it is blacklisted device.
    243  Packet dropped - IDP failure on sslspy packet
    244  Packet droppedd - Content filter failure on sslspy packet
    245  Packet dropped - failed processing
    246  Packet dropped - failed SIP pre-processing
    247  Packet dropped - failed SIP post-processing
    248  Packet dropped - unknown SIP method
    249  Packet dropped - unknown Call-ID in method
    250  Packet dropped - invalid Contact:
    251  Packet dropped - invalid Call-ID:
    252  Packet dropped - invalid Via:
    253  Packet dropped - invalid From:
    254  Packet dropped - invalid To:
    255  Packet dropped - invalid RecordRoute:
    256  Packet dropped - invalid Maddr:
    257  Packet dropped - invalid Route:
    258  Packet dropped - invalid ACK
    259  Packet dropped - invalid method
    260  Packet dropped - invalid ReferredBy:
    261  Packet dropped - invalid ReferredTo:
    262  Packet dropped - invalid BYE
    263  Packet dropped - invalid CANCEL
    264  Packet dropped - invalid INVITE
    265  Packet dropped - invalid REGISTER
    266  Packet dropped - SDP body not found
    267  Packet dropped - bad SDP content length
    268  Packet dropped - bad SDP c=
    269  Packet dropped - bad SDP m=
    270  Packet dropped - failed SDP processing
    271  Packet dropped - Geo-IP block for init country
    272  Packet dropped - Geo-IP block for resp country
    273  Packet dropped - BOTNET block for init command and control center
    274  Packet dropped - BOTNET block for resp command and control center
    275  -
     

    Related Articles

    • DNS Proxy: Creating DNS entries for internal/private network
    • Global VPN Client Connectivity Error
    • Unable to access certain websites, either slow or completely failing.

    Categories

    • Firewalls > TZ Series
    • Firewalls > SonicWall SuperMassive E10000 Series
    • Firewalls > SonicWall SuperMassive 9000 Series
    • Firewalls > SonicWall NSA Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
      Scroll to top
      Trace:63d06900c8ef267d887744bb716d43f8-78