What are those TCP Keep Alives

tcp
keep-alive
retag add tags

Hey all,

I have a Network flow that works like this:

     Client                             Server
1.      | -------- Send an ENQ --------->  |        // Initialization
2.      | <------- Send an ACK ----------  |        //
3.      | --------- Send DATA  --------->  |        // Transmission
4.      | <------- Send an ACK ----------  |        //
5.      | -------- Send an EOT --------->  |        // Termination

This is a screenshot of the wireshark capture of this communication:

Wireshark capture print

Where 192.168.0.2 is the server and 192.168.0.3 is the client.

Mostly of the capture seems correct, I can identify the initial TCP handshake, and the previous flow, but I don't understand what are the frames nº 12 to 16.

Are those TCP Keep Alive requests, without the clients replies? And how about frame nº 15? What is that?

Thank you.

Any input is appreciated.

Pudim

asked 2019-03-27 13:13:02 +0000

edit flag offensive 0 remove flag close merge delete

Comments

Hi Pudim,

This is a good question, but it is a networking question and not a Wireshark question. It would be more suitable on reddit.com/r/networking or stackoverflow.com with a networking tag. You may also want to read up on TCP Keep Alives

Ross Jacobs (2019-03-27 15:30:30 +0000) edit

add a comment see more comments

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

What are those TCP Keep Alives edit

Comments

Be the first one to answer this question!

What are those TCP Keep Alives