What are those TCP Keep Alives

asked 2019-03-27 13:13:02 +0000

Pudim

Hey all,

I have a Network flow that works like this:

     Client                             Server
1.      | -------- Send an ENQ --------->  |        // Initialization
2.      | <------- Send an ACK ----------  |        //
3.      | --------- Send DATA  --------->  |        // Transmission
4.      | <------- Send an ACK ----------  |        //
5.      | -------- Send an EOT --------->  |        // Termination

This is a screenshot of the wireshark capture of this communication:

Wireshark capture print

Where 192.168.0.2 is the server and 192.168.0.3 is the client.

Most of the capture seems correct: I can identify the initial TCP handshake and the previous flow, but I don't understand what frames nº 12 to 16 are.

Are those TCP Keep Alive requests, without the client's replies? And how about frame nº 15? What is that?

Thank you.

Any input is appreciated.


Comments

Hi Pudim,

This is a good question, but it is a networking question and not a Wireshark question. It would be more suitable on reddit.com/r/networking or stackoverflow.com with a networking tag. You may also want to read up on TCP Keep Alives.

Ross Jacobs ( 2019-03-27 15:30:30 +0000 )