show services service-set statistics ids drops

Syntax

Description

Display statistics for packet drops resulting from header-integrity, suspicious packet pattern, and session-limit checks performed by an MS-MPC or MS-MIC.

Options

none

Display statistics for all configured service interfaces and service sets.

interface interface-name

(Optional) Display statistics for the specified services interface.

service-set service-set-name

(Optional) Display statistics for the specified service set.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show services service-set integrity-drops command. Output fields are listed in the approximate order in which they appear.

Table 1: show services service-set statistics ids drops Output Fields

Field Name

Field Description

Interface

Name of an adaptive services interface.

Service set

Name of a service set.

Errors

Total errors, categorized by protocol:

  • IP—Total IP version 4 errors.

  • TCP—Total Transmission Control Protocol (TCP) errors.

  • UDP—Total User Datagram Protocol (UDP) errors.

  • ICMP—Total Internet Control Message Protocol (ICMP) errors.

IP Errors

Number of IPv4 errors for the following categories:

  • IP packet length inconsistencies—IP packet length did not match the Layer 2 reported length.

  • Minimum IP header length check failures—Minimum IP header length is 20 bytes. The received packet contained less than 20 bytes.

  • Reassembled packet exceeds maximum IP length—After fragment reassembly, the reassembled IP packet length exceeded 65,535.

  • Illegal source address 0—Source address is not a valid address. Invalid addresses are loopback, broadcast, multicast, and reserved addresses. Source address 0, however, is allowed to support BOOTP and the destination address 0xffffffff.

  • Illegal destination address—Destination address was not a valid address. The address is reserved.

  • TTL zero errors—Received packet had a time-to-live (TTL) value of 0.

  • Illegal IP protocol number 0 or 255—IP protocol is 0 or 255.

  • Land attack—IP source address is the same as the destination address.

  • Non-IP packets—Packet did not conform to the IP standard.

  • IP option—Packet had a non-allowed IP option.

  • Non-IPv4 packets—Packet was not of the IPv4 type.

  • Non-IPv6 packets—Packet was not of the IPv6 type.

  • Bad checksum—Packet had an invalid IP checksum.

  • Illegal IP fragment length—Illegal fragment length. All fragments (other than the last fragment) must have a length that is a multiple of 8 bytes.

  • IP fragment overlap—Fragments had overlapping fragment offsets.

  • IP fragment limit exceeded—Configured number of allowed fragments for a packet was exceeded.

  • IP fragment reassembly timeout—Some of the fragments for an IP packet were not received in time, and the reassembly handler dropped partial fragments. Whenever a fragment is received, it is maintained in a chain until all other fragments are received. If other fragments do not arrive within the configured value of reassembly-timeout, this packet is dropped and the value of the counter shown in this field is incremented. If other fragments arrive in time but the total number of fragments is more than the configured value of fragment-limit, all the fragments (of this packet) are dropped and the value of the counter shown in this field is incremented.

  • IPv4 bad options—Packet IP header contained IPv4 option that is not allowed.

  • IPv6 bad extension headers—Packet contained IPv6 extension header type that is not allowed.

  • session-limit exceeded for source—Number of concurrent sessions from an individual source address or subnet exceeded limit.

  • session-limit exceeded for destination—Number of concurrent sessions to an individual destination address or subnet exceeded limit.

  • connections/second limit exceeded for source—Number of connections per second for an individual source address or subnet exceeded limit.

  • connections/second limit exceeded for destination—Number of connections per second for an individual destination address or subnet exceeded limit.

  • packets/second limit exceeded for source—Number of packets per second for an individual source address or subnet exceeded limit.

  • packet/second limit exceeded for destination—Number of packets per second for an individual destination address or subnet exceeded limit.

  • Unknown—Unknown fragments.

TCP Errors

Number of TCP protocol errors for the following categories:

  • TCP header length inconsistencies—Minimum TCP header length is 20 bytes, and the IP packet received did not contain at least 20 bytes.

  • Source or destination port number is zero—TCP source or destination port was zero.

  • Illegal sequence number, flags combination—Packet had any type of TCP header anomaly.

  • TCP winnuke—TCP segments destined for port 139 with the urgent (URG) flag set.

  • TCP SYN Fragment—TCP SYN packet was a fragment.

  • TCP connection closed due to SYN defense—Unestablished TCP connection closed because open-timeout value expired.

  • TCP session-limit exceeded for source—Number of concurrent TCP sessions from an individual source address or subnet exceeded limit.

  • TCP session-limit exceeded for destination—Number of concurrent TCP sessions to an individual destination address or subnet exceeded limit.

  • TCP connections/second limit exceeded for source—Number of TCP connections per second for an individual source address or subnet exceeded limit.

  • TCP connections/second limit exceeded for destination—Number of TCP connections per second for an individual destination address or subnet exceeded limit.

  • TCP packets/second limit exceeded for source—Number of TCP packets per second for an individual source address or subnet exceeded limit.

  • TCP packet/second limit exceeded for destination—Number of TCP packets per second for an individual destination address or subnet exceeded limit.

UDP Errors

Number of UDP protocol errors for the following categories:

  • IP data length less than minimum UDP header length (8 bytes)—Minimum UDP header length is 8 bytes. The received IP packets contained less than 8 bytes.

  • Source or destination port is zero—UDP source or destination port was 0.

  • UDP session-limit exceeded for source—Number of concurrent UDP sessions from an individual source address or subnet exceeded limit.

  • UDP session-limit exceeded for destination—Number of concurrent UDP sessions to an individual destination address or subnet exceeded limit.

  • UDP connections/second limit exceeded for source—Number of UDP connections per second for an individual source address or subnet exceeded limit.

  • UDP connections/second limit exceeded for destination—Number of UDP connections per second for an individual destination address or subnet exceeded limit.

  • UDP packets/second limit exceeded for source—Number of UDP packets per second for an individual source address or subnet exceeded limit.

  • UDP packet/second limit exceeded for destination—Number of UDP packets per second for an individual destination address or subnet exceeded limit.

ICMP Errors

Number of ICMP protocol errors for the following categories:

  • IP data length less than minimum ICMP header length (8 bytes)—ICMP header length contained less than 8 bytes.

  • ICMP error length inconsistencies—ICMP error packet length was outside range of 48 bytes through 576 bytes.

  • ICMP fragments—ICMP packet was an IP fragment.

  • ICMP session-limit exceeded for source—Number of concurrent ICMP sessions from an individual source address or subnet exceeded limit.

  • ICMP session-limit exceeded for destination—Number of concurrent ICMP sessions to an individual destination address or subnet exceeded limit.

  • ICMP connections/second limit exceeded for source—Number of ICMP connections per second for an individual source address or subnet exceeded limit.

  • ICMP connections/second limit exceeded for destination—Number of ICMP connections per second for an individual destination address or subnet exceeded limit.

  • ICMP packets/second limit exceeded for source—Number of ICMP packets per second for an individual source address or subnet exceeded limit.

  • ICMP packet/second limit exceeded for destination—Number of ICMP packets per second for an individual destination address or subnet exceeded limit.
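
To see which Table 1 counter a given packet from a capture would fall under, the header-integrity checks can be reproduced offline. The following Python is an added example, not Juniper's implementation: drop_reasons() applies a subset of the IP, TCP, UDP and ICMP checks described above to a raw IPv4 packet and returns the matching field names. The function names, the l2_len parameter (taken here to be the Layer 2 payload length) and the sample packet builder are assumptions of the example.

```python
import socket
import struct

def _csum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words, folded to 16 bits."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def build_ipv4(src, dst, proto, payload, ttl=64, frag=0):
    """Constructed sample packet: 20-byte IPv4 header with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", 0xFFFF - _csum(hdr)) + hdr[12:] + payload

def drop_reasons(pkt: bytes, l2_len: int) -> list:
    """Table 1 field names matched by a raw IPv4 packet (illustrative subset)."""
    if not pkt or pkt[0] >> 4 != 4:
        return ["Non-IPv4 packets"]
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return ["Minimum IP header length check failures"]
    total_len, _, frag, ttl, proto = struct.unpack("!HHHBB", pkt[2:10])
    more, offset, data = bool(frag & 0x2000), frag & 0x1FFF, pkt[ihl:total_len]
    checks = [
        (total_len != l2_len, "IP packet length inconsistencies"),
        (ttl == 0, "TTL zero errors"),
        (proto in (0, 255), "Illegal IP protocol number 0 or 255"),
        (pkt[12:16] == pkt[16:20], "Land attack"),
        (_csum(pkt[:ihl]) != 0xFFFF, "Bad checksum"),
        (more and len(data) % 8 != 0, "Illegal IP fragment length"),
        (proto == 1 and (more or offset > 0), "ICMP fragments"),
    ]
    if offset == 0 and proto == 6:  # the TCP header is only in the first fragment
        if len(data) < 20:
            checks.append((True, "TCP header length inconsistencies"))
        else:
            sport, dport = struct.unpack("!HH", data[:4])
            checks += [
                (0 in (sport, dport), "Source or destination port number is zero"),
                (dport == 139 and data[13] & 0x20, "TCP winnuke"),  # URG flag
                (more and data[13] & 0x02, "TCP SYN Fragment"),     # SYN flag
            ]
    elif offset == 0 and proto == 17:
        short = len(data) < 8
        ports = (1, 1) if short else struct.unpack("!HH", data[:4])
        checks += [(short, "IP data length less than minimum UDP header length (8 bytes)"),
                   (0 in ports, "Source or destination port is zero")]
    return [name for hit, name in checks if hit]
```

A packet can match more than one category, so the function returns every match in table order; it does not model which single counter the MS-MPC or MS-MIC increments.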

Sample Output

show services service-set statistics ids drops

Release Information

Command introduced in Junos OS Release 17.1.