what does this wireshark info refer to
Solution 1
It's a TCP keepalive packet, containing no data but with the ACK flag set. Just tells the other end you are still there, and keeps the connection open.
There's a good overview here: http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/overview.html
Solution 2
ms-wbt-server is port 3389, and is used for the Remote Desktop Protocol (RDP), do you have a remote desktop connection open to your server by any chance?
Comments
-
Daniel Robinson about 2 years
I am new to wireshark and to networking in general, but I am monitoring the traffic of my application and I can filter on it so I can see when it is actively transfering data that it is supposed to with the server but wireshark shows this:
protocol = TCP length = 54 info = 56705 > ms-wbt-server [ACK] Seq=1 Ack=61 Win=252 Len=0
being fired every second from my app to my app server. Why does my application keep sending these packets every second?
It is a c# .net app if that is of any assistance.
-
Daniel Robinson over 11 yearsthanks @Vicky, I'll accept in 5 mins when I'm allowed to. could you tell me if keepalive is something which is recommended for large distributed systems? There are ~50000 clients in the system all reporting to a single app server, could this keepalive be a source of bad performance? or is the packect so small and 50000 clients quite a small number and shouldn't effect network performance too much?
-
Vicky over 11 yearsDoes the server need to know that the clients are all still there, and does the client need to know immediately the server becomes unreachable? If not, you can turn it off in your TCP settings. Yes, keepalive packets are small but with 50,000 clients sending one 60-byte keepalive a second to the same server (edit: and the responses coming back of course), I'd be surprised if that didn't have an impact on the network performance.
-
Daniel Robinson over 11 yearsthank you very much :) turns out the keepalive packets were from my remote desktop connection and not my application hehe, few.