Revision history - Ask Wireshark

why does Wireshark flag the retransmission of a single byte fragment as a keep-alive? A true keep-[alive is an ACK with no data, tcp.len==0.

time T [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1 time T+1.5000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=10512965 ACK=100003 Win=263520 Len=1 time T+3.000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1 time T+6.000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1 time T+12.000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1

why does Wireshark flag the retransmission of a single byte fragment as a keep-alive? A true keep-[alive is an ACK with no data, tcp.len==0.

time T [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1 time T+1.5000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=10512965 ACK=100003 Win=263520 Len=1 time T+3.000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1 time T+6.000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1 time T+12.000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1

why does Wireshark flag the retransmission of a single byte fragment as a keep-alive? A true keep-[alive is an ACK with no data, tcp.len==0.

time T [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1 time T+1.5000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=10512965 ACK=100003 Win=263520 Len=1 time T+3.000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1 time T+6.000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1 time T+12.000 [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295 ACK=101003 Win=263520 Len=1

why does Wireshark flag the retransmission of a single byte fragment as a keep-alive? A true keep-[alive is an ACK with no data, tcp.len==0.

e.g.:

time T  [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295  ACK=101003 Win=263520 Len=1
 time T+1.5000  [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=10512965  ACK=100003 Win=263520 Len=1
 time T+3.000  [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295  ACK=101003 Win=263520 Len=1
 time T+6.000  [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295  ACK=101003 Win=263520 Len=1
 time T+12.000  [TCP Keep-Alive] srcport -> dstport [PSH,ACK] Seq=1051295  ACK=101003 Win=263520 Len=1Len=1

Revision history [back]

why does Wireshark flag the retransmission of a single byte fragment as a keep-alive? A true keep-[alive is an ACK with no data, tcp.len==0.

why does Wireshark flag the retransmission of a single byte fragment as a keep-alive? A true keep-[alive is an ACK with no data, tcp.len==0.

why does Wireshark flag the retransmission of a single byte fragment as a keep-alive? A true keep-[alive is an ACK with no data, tcp.len==0.

why does Wireshark flag the retransmission of a single byte fragment as a keep-alive? A true keep-[alive is an ACK with no data, tcp.len==0.