1360 Views, 0 Helpful, 2 Replies

Firewall interface traffic statistics

haxworthy (Level 1)

More of a sanity check question than anything else:

Does the "packets dropped" counter on an ASA firewall interface include just interface drops or does it include ACL rule drops in the count?

Ex: Traffic Statistics for "int foo":

576675535 packets input, 128101040719 bytes
731241996 packets output, 636870913964 bytes
22115790 packets dropped

2 Replies

Collin Clark (VIP Alumni)

Good question! According to the documentation,

Typically this counter increments for packets dropped on the accelerated security path (ASP), for example, if a packet is dropped due to an access list deny.

See the show asp drop command for reasons for potential drops on an interface.

http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/s3.html#wp1421795

Check out that show asp drop command!

sh asp drop

Frame drop:
Invalid encapsulation (invalid-encap) 8
Invalid TCP Length (invalid-tcp-hdr-length) 13
Invalid UDP Length (invalid-udp-length) 3
No valid adjacency (no-adjacency) 432
No route to host (no-route) 854
Flow is denied by configured rule (acl-drop) 5917343
Flow denied due to resource limitation (unable-to-create-flow) 3717
Invalid SPI (np-sp-invalid-spi) 827
NAT-T keepalive message (natt-keepalive) 738148
First TCP packet not SYN (tcp-not-syn) 466773
Bad TCP flags (bad-tcp-flags) 204
TCP Dual open denied (tcp-dual-open) 3
TCP failed 3 way handshake (tcp-3whs-failed) 6351
TCP RST/FIN out of order (tcp-rstfin-ooo) 13965
TCP SEQ in SYN/SYNACK invalid (tcp-seq-syn-diff) 963
TCP SYNACK on established conn (tcp-synack-ooo) 375
TCP packet SEQ past window (tcp-seq-past-win) 10975
TCP invalid ACK (tcp-invalid-ack) 1580
TCP ACK in 3 way handshake invalid (tcp-discarded-ooo) 107
TCP Out-of-Order packet buffer full (tcp-buffer-full) 438460
TCP Out-of-Order packet buffer timeout (tcp-buffer-timeout) 318081
TCP RST/SYN in window (tcp-rst-syn-in-win) 8434
TCP packet failed PAWS test (tcp-paws-fail) 4202
IPSEC tunnel is down (ipsec-tun-down) 1789
Early security checks failed (security-failed) 182
Slowpath security checks failed (sp-security-failed) 38761
IP option drop (invalid-ip-option) 118
Expired flow (flow-expired) 4691
ICMP Error Inspect no existing conn (inspect-icmp-error-no-existing-conn) 10
DNS Inspect invalid packet (inspect-dns-invalid-pak) 12
DNS Inspect id not matched (inspect-dns-id-not-matched) 3306
FP L2 rule drop (l2_acl) 52939
Interface is down (interface-down) 3
Dropped pending packets in a closed socket (np-socket-closed) 24834
SVC Module does not have a session (mp-svc-no-session) 79
Last clearing: Never

Flow drop:
Need to start IKE negotiation (need-ike) 98
Inspection failure (inspect-fail) 120188
SSL received close alert (ssl-received-close-alert) 6
Last clearing: Never
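As an added example (not part of the thread and not Cisco's code), here is a small Python parser for output in the layout of the `sh asp drop` listing above. It splits the output into its "Frame drop" and "Flow drop" sections, ranks the drop reasons, reports what fraction of frame drops are ACL denies, and diffs two snapshots, which matters because the counters are cumulative ("Last clearing: Never") and only the delta over an interval tells you which reasons are actively incrementing. The sample text is constructed and abridged; the function names and the "later" snapshot are assumptions made for this example.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the "sh asp drop" output posted above
# (reason text, short code in parentheses, cumulative count); abridged.
SAMPLE_ASP_DROP = """\
Frame drop:
  Invalid encapsulation (invalid-encap)                                  8
  No route to host (no-route)                                          854
  Flow is denied by configured rule (acl-drop)                     5917343
  First TCP packet not SYN (tcp-not-syn)                            466773
  NAT-T keepalive message (natt-keepalive)                          738148
  FP L2 rule drop (l2_acl)                                           52939
Last clearing: Never

Flow drop:
  Inspection failure (inspect-fail)                                 120188
  SSL received close alert (ssl-received-close-alert)                    6
Last clearing: Never
"""

# One counter line: description, (short-code), integer count.
LINE_RE = re.compile(r"^\s*(?P<desc>.+?)\s+\((?P<code>[^)]+)\)\s+(?P<count>\d+)\s*$")


def _with_count(text, code, new_count):
    """Helper used only to build a constructed 'later' snapshot for the demo."""
    return re.sub(r"\(%s\)(\s+)\d+" % re.escape(code),
                  r"(%s)\g<1>%d" % (code, new_count), text)


# Constructed second snapshot: acl-drop grew by 500 and no-route by 46.
SAMPLE_ASP_DROP_LATER = _with_count(_with_count(SAMPLE_ASP_DROP, "acl-drop", 5917843),
                                    "no-route", 900)


def parse_asp_drop(text):
    """Return {section: {code: (description, count)}} for 'Frame drop' / 'Flow drop'."""
    sections = OrderedDict()
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith(":"):          # section header such as "Frame drop:"
            current = stripped[:-1]
            sections[current] = OrderedDict()
            continue
        m = LINE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("code")] = (m.group("desc"), int(m.group("count")))
    return sections


def section_total(sections, section="Frame drop"):
    """Sum of all counters in one section."""
    return sum(count for _, count in sections.get(section, {}).values())


def top_reasons(sections, section="Frame drop", n=3):
    """The n largest drop reasons in a section as (code, count), descending."""
    items = sections.get(section, {}).items()
    ranked = sorted(items, key=lambda kv: kv[1][1], reverse=True)[:n]
    return [(code, count) for code, (_, count) in ranked]


def acl_drop_share(sections):
    """(acl-drop count, frame-drop total, fraction) to see how much is ACL deny."""
    total = section_total(sections, "Frame drop")
    acl = sections.get("Frame drop", {}).get("acl-drop", ("", 0))[1]
    return acl, total, (acl / total if total else 0.0)


def delta(before, after, section="Frame drop"):
    """Per-reason growth between two snapshots; counters are cumulative, so only
    the non-zero deltas show which reasons are still firing."""
    b = before.get(section, {})
    out = OrderedDict()
    for code, (_, count) in after.get(section, {}).items():
        growth = count - b.get(code, ("", 0))[1]
        if growth:
            out[code] = growth
    return out


if __name__ == "__main__":
    first = parse_asp_drop(SAMPLE_ASP_DROP)
    later = parse_asp_drop(SAMPLE_ASP_DROP_LATER)
    acl, total, share = acl_drop_share(first)
    print("frame drops: %d, of which acl-drop: %d (%.1f%%)" % (total, acl, 100 * share))
    print("top reasons:", top_reasons(first))
    print("growth since last snapshot:", dict(delta(first, later)))
```

Feed it two captures of `show asp drop` taken a few minutes apart, or `clear asp drop` first and capture once, to turn the lifetime totals into a rate you can compare against the interface's "packets dropped" counter. Note that `show asp drop` is box-wide while the interface counter is per interface, so expect the interface figure to be a subset rather than an exact match.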
