Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
446
Views
0
Helpful
1
Replies

Pix 7.x + Bad option length in TCP

gaetan.allart
Level 1
Level 1

‎03-21-2006 12:37 AM - edited ‎02-21-2020 12:47 AM

Hi,

In some cases, I get packets dropped whith the following reason :

"Bad option length in TCP"

Is there a way to create a TCP-Map to accept these packets anyway ?

Thanks,

Regards,

Gaëtan

0 Helpful
1 Reply 1

davidecooper1967
Level 1
Level 1

‎03-21-2006 06:40 AM

tcp-bad-option-len

This counter is incremented and the packet is dropped when the security appliance receives a TCP packet with a TCP option set, but the option length does not match the length defined for that option in the TCP RFC.

The packet corruption may be caused by a bad cable or noise on the line. It may also be that a TCP endpoint is sending corrupted packets and an attack is in progress. Please use the packet capture feature to learn more about the origin of the packet

You may be able to use the tcp-options command to fix if you can identify what and where the packet is originating.

Check this link for more info

http://www.cisco.com/en/US/products/ps6120/products_command_reference_chapter09186a00805fb9fc.html#wp1088604

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card