
NTA charts display seemingly random data (spikes/protocols/bitrate)

Created by Daniel Polaske, last modified by Alexandra.Nerpasova on Oct 19, 2017


Updated October 19, 2017


The charts for certain devices or interfaces display seemingly random data, such as spikes, invalid protocols, and incorrect bitrates.

The logs and the NTA Last 25 Traffic Events resource will be full of messages such as "... is receiving flow data from unmanaged interface '#1701981539'...", where the interface number is random and varies. This is illustrated in the screenshot below:


The charts will display similar to the following:


Please note, this issue has a shared symptom (interfaces with random # in Last 25 Traffic Events) with the following issue, but is due to a different cause:


  • All NTA versions before NTA 4.2.3
  • Known affected flow protocols:  Netflow V9 and IPFIX
  • Known affected devices:  Cisco ASR v16.4
  • It is likely that other device makes, models, and IOS versions are affected.


The issue is with the device's template export, which contains the observation domain ID.  There are two templates, with ID6 and ID256, that are distinguishable only by the observation domain ID string.  As a result, NTA uses the wrong template for this flow data.


This will appear in the Wireshark capture as such:


Obs-Domain-ID= 6
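The template mix-up described above, as an added sketch that is not SolarWinds code: a minimal IPFIX decoder run once with its template cache keyed per observation domain and once keyed on the template ID alone. The messages, the template ID 260 and the field layouts are constructed assumptions (how NTA stores templates internally is not stated here); only the observation domain IDs 6 and 256 come from this article.

```python
import struct

IE = {1: "octetDeltaCount", 10: "ingressInterface"}  # IANA IPFIX element ids
TID = 260  # assumed template id, reused by both observation domains

def ipfix_msg(domain, set_id, payload):
    """Constructed IPFIX message (RFC 7011): 16-byte header plus one set."""
    header = struct.pack("!HHIII", 10, 20 + len(payload), 0, 0, domain)
    return header + struct.pack("!HH", set_id, 4 + len(payload)) + payload

def template(tid, fields):
    """Template record: template id, field count, (element id, length) pairs."""
    spec = b"".join(struct.pack("!HH", ie, ln) for ie, ln in fields)
    return struct.pack("!HH", tid, len(fields)) + spec

def decode(messages, scoped):
    """Decode data sets; scoped=True keys templates on (domain, id), else id only."""
    cache, records = {}, []
    for msg in messages:
        domain = struct.unpack_from("!I", msg, 12)[0]
        set_id, set_len = struct.unpack_from("!HH", msg, 16)
        data = msg[20:16 + set_len]
        scope = domain if scoped else None
        if set_id == 2:  # template set: store the field layout
            tid, count = struct.unpack_from("!HH", data)
            cache[(scope, tid)] = [struct.unpack_from("!HH", data, 4 + 4 * i)
                                   for i in range(count)]
        elif (scope, set_id) in cache:  # data set with a known template
            fields = cache[(scope, set_id)]
            size = sum(ln for _, ln in fields)
            for start in range(0, len(data) - size + 1, size):
                rec, off = {}, start
                for ie, ln in fields:
                    rec[IE[ie]] = int.from_bytes(data[off:off + ln], "big")
                    off += ln
                records.append((domain, rec))
    return records

# Constructed traffic: domains 6 and 256 announce the same template id with
# the two fields in opposite order, then domain 6 exports one flow record.
MESSAGES = [
    ipfix_msg(6, 2, template(TID, [(10, 4), (1, 4)])),
    ipfix_msg(256, 2, template(TID, [(1, 4), (10, 4)])),
    ipfix_msg(6, TID, struct.pack("!II", 3, 912345678)),
]

if __name__ == "__main__":
    print("per-domain cache:", decode(MESSAGES, scoped=True))
    print("shared cache:   ", decode(MESSAGES, scoped=False))
```

With the shared cache, the byte counter is read as the interface index, which gives the same kind of arbitrary interface number and bogus traffic volume as the symptoms listed above.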



Please see the screenshot from the IPFIX example below:


This is a bug in processing the flow data, which will be fixed in NTA 4.2.3.  There is currently no known workaround.

