Submit a ticketCall us

Training ClassSign up for Network Performance Monitor (NPM) and Scalability instructor-led classes

Attend our instructor-led classes, provided by SolarWinds® Academy, to discuss the more advanced monitoring mechanisms available in NPM as well as how to tune your equipment to optimize its polling capabilities. NPM classes offered:
NPM Custom Monitoring and Polling
Orion Platform Scalability

Reserve your seat.

Home > Success Center > Netflow Traffic Analyzer (NTA) > NTA - Knowledgebase Articles > How Netflow summaries of TCP RST packets are handled by NTA

How Netflow summaries of TCP RST packets are handled by NTA

Table of contents
Created by Daniel Polaske, last modified by Alexandra.Nerpasova on Oct 12, 2017

Views: 235 Votes: 0 Revisions: 8

Updated October 12, 2017


TCP RST is generated by the router firewall when the idle TCP session times out (1 hour by default) and thus are valid to have an ingress/source Interface index of '0', because they're locally self-generated packets originating in the Router's CPU, without a real 'interface'.  If it's a firewall RST injection packet, the source IP will be spoofed.



  • All Orion NTA environments


Please note, this behavior will cause NTA to drop the flows due to the SNMP interface index ID of 0, or due to a mismatching management IP address mapped between the node and source IP address (the spoofed address).


Suggested Tags:  TCP, TCP RST, RST, SNMP, interface, index, ID, 


Reason for Rework or Feedback from Technical Content Review:



Last modified