Overview
Negotiate option is the wrong size' means that the Exinda saw a packet with tcp option 30 which makes it think is related to TCP acceleration.However when it tried to decode the packet, it found out it was just a false positive.
Why would someone use tcp option 30 besides Exinda?:
The two most common reasons for this are:
1. Someone is (trying) using multipath tcp. Apple has enabled this by default with iOS 7.
See "multipath tcp" listed in the follow IANA assigned values:
http://www.iana.org/assignments/tcp-parameters/tcp-parameters.txt
2. Someone is running a scanner/hacking program that is generating deliberately badly formed packets.
The customer can ignore these logs.
Exinda has changed the TCP option to 230 but option 30 is still in use as this is backwards compatible to old Exinda OS versions.
Cause
If the network is under a scan/flood, it might cause the device to restart unexpectedly.The device will be overwhelmed by connections and multipath packets and cause an unexpected shutdown
Resolution
In later versions, Exinda has moved from option 30 to 230 for TCP accelerated packet detection. This reduces confusion on the appliance.Upgrade to version 7 or above to address this.