This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, I have captured a TCP session which has TCP keep alive packet at the end. machine A has sent the keep alive packet to machine B and machine B has acknowledged this keep alive packet. But there is no communication after that between them. Does this mean the connection is still open between the two machines? If connection is closed then how to decide when the connection is closed between them?

The TCP session I captured looks like this: link text

Thanks in advance.

asked 23 Sep '13, 03:21

Swamy's gravatar image

Swamy
16225
accept rate: 0%


Yes, the connection is still open between the machines in your capture. Usually, one of the two machines will terminate the session after a global timeout is reached, but sometimes you'll see Keep-Alives for long long times, e.g. for SSH sessions.

The closing of the connection will be performed either gracefully (using FIN flags) or brutally (using a Reset flag). Unless you see then, the connection is still alive.

permanent link

answered 23 Sep '13, 05:20

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

One more clarification though. The Dump file i have has similar kind of TCP sessions and none of them are closed like the dump file i have attached. So according to you all the connections are still opened.One or two sessions like that i would understand that connection is still opened but i have around 25-30 sessions like that.what might be the reason for that?

(23 Sep '13, 05:56) Swamy

Usually a connection is terminated with a Reset flag if the application shuts down that has used the port. So if the application on both ends is still alive, the connection can stay open for a long time.

E.g users often start database applications in the morning and keep them open even while not using them for hours, so the TCP connection stays open, too. In those cases Keep Alives are very useful to prevent session termination by a Firewall or ACL, but if there aren't such devices in the network the connection doesn't even have to use Keep Alives to keep going.

(23 Sep '13, 06:07) Jasper ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×752
×8

question asked: 23 Sep '13, 03:21

question was seen: 4,695 times

last updated: 23 Sep '13, 06:07

p​o​w​e​r​e​d by O​S​Q​A