show services service-sets statistics integrity-drops

Name of an adaptive services interface.

Name of a service set.

Total errors, categorized by protocol:

• IP—Total IP version 4 errors.

• TCP—Total Transmission Control Protocol (TCP) errors.

• UDP—Total User Datagram Protocol (UDP) errors.

• ICMP—Total Internet Control Message Protocol (ICMP) errors.

IPv4 errors:

• IP packet length inconsistencies—IP packet length does not match the Layer 2 reported length.

• Minimum IP header length check failures—Minimum IP header length is 20 bytes. The received packet contains less than 20 bytes.

• Reassembled packet exceeds maximum IP length—After fragment reassembly, the reassembled IP packet length exceeds 65,535.

• Illegal source address 0—Source address is not a valid address. Invalid addresses are, loopback, broadcast, multicast, and reserved addresses. Source address 0, however, is allowed to support BOOTP and the destination address 0xffffffff.

• Illegal destination address —Destination address is not a valid address.  The address is reserved.

• TTL zero errors—Received packet had a time-to-live (TTL) value of 0.

• Illegal IP protocol number 0 or 255—IP protocol is 0 or 255.

• Land attack—IP source address is the same as the destination address.

• Non-IP packets—Packet did not conform to the IP standard.

• IP option—Packet dropped because of a nonallowed IP option.

• Non-IPv4 packets—Packet was not of the IPv4 type.

• Non-IPv6 packets—Packet was not of the IPv6 type.

• Bad checksum—Packet had an invalid IP checksum.

• Illegal IP fragment length—Illegal fragment length. All fragments (other than the last fragment) must have a length that is a multiple of 8 bytes.

• IP fragment overlap—Fragments have overlapping fragment offsets.

• IP fragment limit exceeded: —Fragments dropped because the configured number of allowed fragments for a packet was exceeded.

• IP fragment reassembly timeout—Some of the fragments for an IP packet were not received in time, and the reassembly handler dropped partial fragments. Whenever a fragment is received, it is maintained in a chain until all other fragments are received. If other fragments do not arrive within the configured value of reassembly-timeout, this packet is dropped and the value of the counter shown in this field is incremented. If other fragments arrive in time but the total number of fragments is more than the configured value of fragment-limit, all the fragments (of this packet) are dropped and the value of the counter shown in this field is incremented.

• Unknown: —Unknown fragments.

TCP protocol errors:

• TCP header length inconsistencies—Minimum TCP header length is 20 bytes, and the IP packet received does not contain at least 20 bytes.

• Source or destination port number is zero—TCP source or destination port is zero.

• Illegal sequence number, flags combination—Dropped because of TCP errors, such as an illegal sequence number, which causes an illogical combination of flags to be set.

UDP protocol errors:

• IP data length less than minimum UDP header length (8 bytes)—Minimum UDP header length is 8 bytes. The received IP packets contain less than 8 bytes.

• Source or destination port is zero—UDP source or destination port is 0.

ICMP protocol errors:

• IP data length less than minimum ICMP header length (8 bytes)—ICMP header length is 8 bytes. This counter is incremented when received IP packets contain less than 8 bytes.

• ICMP error length inconsistencies—Minimum length of an ICMP error packet is 48 bytes, and the maximum length is 576 bytes. This counter is incremented when the received ICMP error falls outside this range.