10-13-2025 02:36 AM - edited 10-13-2025 02:38 AM
you can set packet-diag to track this counter
> debug dataplane packet-diag set log counter flow_tcp_non_syn_drop
you'll need to enable logging, keep track of your dataplane resources to make sure you're not overloading your system, and then once a few seconds have passed (assuming the rate in your pasted output is 62 all the time) disable logging again, aggregate your captures and then check the aggregated file
reaper@PA-440> debug dataplane packet-diag set log counter flow_tcp_non_syn_drop
reaper@PA-440> debug dataplane packet-diag clear log log
reaper@PA-440> debug dataplane packet-diag set log on
Packet log is enabled. WARNING: Enabling of debug commands could result in network outage. Not recommended if dataplane CPU is above 60%.
reaper@PA-440>
reaper@PA-440>
reaper@PA-440>
reaper@PA-440> show counter global filter delta yes | match flow_tcp_non_syn_drop
flow_tcp_non_syn_drop 52 2 drop flow session Packets dropped: non-SYN TCP without session match
reaper@PA-440>
reaper@PA-440> debug dataplane packet-diag set log off
Packet log is disabled
reaper@PA-440> debug dataplane packet-diag aggregate-logs
pan_packet_diag.log is aggregated
reaper@PA-440> less mp-log pan_packet_diag.log
