Event ID - PIX-5-500003

Message CodePIX-5-500003
SeverityNotification
DescriptionBad TCP hdr length (hdrlen=bytes, pktlen=bytes) from source_address/source_port to dest_address/dest_port, flags: tcp_flags, on interface interface_name"
ExplanationThis message indicates that a header length in TCP is incorrect. Some operating systems do not handle TCP resets (RSTs) correctly when responding to a connection request to a disabled socket. If a client tries to connect to an FTP server outside the Cisco ASA and FTP is not listening, then the server sends an RST. Some operating systems send incorrect TCP header lengths, which causes this problem. UDP uses ICMP port unreachable messages. The TCP header length may indicate that it is larger than the packet length, which results in a negative number of bytes being transferred. A negative number is displayed by system log message as an unsigned number, which makes it appear much larger than it would be normally; for example, it may show 4 GB transferred in 1 second.
User ActionNone required. This message should occur infrequently.
Reference Links

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.