    Hi all -

    We've discovered a strange pattern on our Network's OpenNMS reports for TCP Errors and Failures.

    Every day, we get an "outrsts" spike on every node that we get SNMP traps. 2811 routers, 2950s, 7304s, and 3845s... it also appears on non-Cisco devices like servers and serial devices. The time of the spike varies on each piece of equipment but always seems to happen every 24 hours for each.

    The OID is

    Here is a description I got from cisco but it wasn't that much use to me.

    Does anyone know if this spike is dangerous? Whether it is or not, we'd like to get rid of it. It is reported as a TCP error, if it is harmless we'll have a hard time telling between it and a real error. I find it hard to believe that every device in our network, and every interface in our network is having it's counters reset every 24 hours. It might be coming from a single device.

    Thanks, I hope that made sense.
    Re: TCP Error/ Failure outRsts

    HI asusag,

    I believe what you are seeing is TCP resets (abbreviated RST). It looks like an outbound reset from your devices. Basically, a RST is done to close a TCP connection abnormally. In other words, the RST is sent from the either side of the connection to immedately close the connection. Think of this as you having a phone conversation and one person just hanging up instead of saying goodbye.

    Here are some links on the TCP 3 way handshake and how TCP works (including RST):

    At this point, I can't tell you if this is bad or not. I would get something like Ethereal and monitor a key router or switch on your network. Let it give you more info to see if you see something else that happens at the same time as this event.

    Let us know what you find.

    -David Davis
