# Sonicwall Malformed Packet Drop Logs



## cfdltech (Mar 21, 2017)

I have to have the log emailed to me everyday but I constantly get an alert that is flooding the email box. 

I am on a TZ model Sonicwall with SonicOS Enhanced 5.8.1.5-46o.

I did some digging into it and it is pretty well agreed that it is from multicast issues. The main solution is to turn on multicast for the interface. I also read to just cut off logs for multicast but the message is categorized as "Network Access" so I don't think that will work and I have 0 messages for "Multicast" logs. Here is the additional info from the log

Message: Malformed or unhandled IP packet dropped
Source: 0.0.0.0, 17, X1 (X1 is my WAN port)
Destination: 224.0.0.1, 17
Notes: Protocol:2

My source is confusing because I assume I would turn on multicast for the X1 interface but I was worried about security implications because I think the default is multicast off on the interfaces. I would rather find the culprit but the source does not tell me much where to start looking. Other online searches it seemed most people had a valid IP address for the source to like their Windows Server and then they could turn off some services on it to fix. I did a packet capture and it put the src MAC at [00:05:04:03:02:01] which hardly seems right as it just counts down in order. Obviously, I didn't find any device that matches that MAC on my network. 

I guess I would not be too worried about just turning on multicast if someone can verify which interface I should be turning it on for and explain any security concerns with doing so.

Many thanks in advance.


----------

