Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Options

How to identify which policy is dropping packets.

I ran a packet capture and see the activity below. How do I figure out which specific policy is dropping this? Extra points if you can be specific.

Ethernet Header
Ether Type: IP(0x800), Src=[c8:9e:43:60:91:47], Dst=[18:c2:41:17:72:57]
IP Packet Header
IP Type: UDP(0x11), Src=[10.10.70.250], Dst=[10.10.70.1]
UDP Packet Header
Src=[59096], Dst=[137], Checksum=0x38c0, Message Length=58 bytes
Application Header
NETBIOS Ns:
Value:[1]
DROPPED, Drop Code: 727(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _2722_qpmjdzDifdl) 3:2)

Category: Firewall Security Services
Reply

Best Answer

Answers

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Unbelievably, you can't. All this drop code, module, ref.Id, etc looks like it would be a way to actually answer your question but it is not.

    The short answer to this specific packet drop is that the firewall won't be listening on port 135.

  • Options
    MarkDMarkD Cybersecurity Overlord ✭✭✭

    You can change the log level to "firewall action" and use this in conjunction with the packet monitor

Sign In or Register to comment.