Using Traffic Monitor Graphs : Using the Anomaly Drops graphs : Using the Anomaly Drops Layer 3 Anomalies graph
 
Using the Anomaly Drops Layer 3 Anomalies graph
You use the Layer 3 Anomaly graphs to monitor drops due to packets that do not conform with Layer 3 standards.
Table 45 summarizes the statistics displayed in the Layer 3 Anomaly Drops graph. Figure 59 shows the graph.
You can customize the following query terms: SPP, period, direction.
Before you begin:
You must have Read-Write permission for Log & Report settings.
To display the graphs:
Go to Monitor > Anomaly Drops > Layer 3 Anomaly Drops.
Table 45: Anomaly Drops: Layer 3 Anomaly Drops
Statistic
Description
IP Header Checksum Error
Drops due to checksum errors.
Layer 3
Drops due to the Layer 3 anomalies, including:
IP version other than 4 or 6
Header length less than 5 words
End of packet (EOP) before 20 bytes of IPV4 Data
Total length less than 20 bytes
EOP comes before the length specified by Total length
End of Header before the data offset (while parsing options)
Length field in LSRR/SSRR option is other than (3+(n*4)) where n takes value greater than or equal to 1
Pointer in LSRR/SSRR is other than (n*4) where n takes value greater than or equal to 1
For IP Options length less than 3
Source and Destination Address Match
Drops due to an anomaly that is detected when source and destination addresses are the same (LAND attack).
Source/Destination as Localhost
Drops due to an anomaly that is detected when source or destination address is the same as the localhost (loopback address spoofing).
 
Figure 59: Anomaly Drops: Layer 3 Anomaly Drops