what does this wireshark info refer to


Solution 1

It's a TCP keepalive packet, containing no data but with the ACK flag set. Just tells the other end you are still there, and keeps the connection open.

There's a good overview here: http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/overview.html

Solution 2

ms-wbt-server is port 3389, and is used for the Remote Desktop Protocol (RDP). Do you have a remote desktop connection open to your server by any chance?
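An added example (not part of either answer or the original thread): a small Python parser for Info strings like the one in the question, which tallies ACK-only, zero-length segments by destination port so the traffic can be attributed to a service such as RDP on 3389. The `SERVICE_PORTS` subset, port 8443, and every sample line except the first are constructed assumptions.

```python
import re
from collections import Counter

# Constructed subset of service names Wireshark shows for well-known ports;
# ms-wbt-server (3389, RDP) is the one named on this page.
SERVICE_PORTS = {"ms-wbt-server": 3389, "https": 443, "http": 80}

# Optional "[TCP ...]" analysis note, then "src > dst [FLAGS] key=value ...".
# Newer Wireshark versions print an arrow instead of ">".
INFO_RE = re.compile(
    r"^(?:\[(?P<note>TCP [^\]]+)\]\s+)?(?P<src>\S+)\s+(?:>|\u2192)\s+(?P<dst>\S+)"
    r"\s+\[(?P<flags>[^\]]+)\]\s*(?P<fields>.*)$"
)

def parse_info(info):
    """Parse a TCP Info column string; return None if it is not a TCP summary."""
    m = INFO_RE.match(info.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    return {
        "note": m["note"],
        "src": m["src"],
        "dst": m["dst"],
        "flags": {f.strip() for f in m["flags"].split(",")},
        "len": int(fields.get("Len", 0)),
    }

def port_of(endpoint):
    """Numeric port for an endpoint shown as a number or a known service name."""
    return int(endpoint) if endpoint.isdigit() else SERVICE_PORTS.get(endpoint)

def bare_acks_by_service(info_lines):
    """Count ACK-only, zero-length segments per destination port."""
    counts = Counter()
    for line in info_lines:
        seg = parse_info(line)
        if seg and seg["flags"] == {"ACK"} and seg["len"] == 0:
            counts[port_of(seg["dst"])] += 1
    return counts

# First line is from the question; the rest are constructed for illustration.
SAMPLE = [
    "56705 > ms-wbt-server [ACK] Seq=1 Ack=61 Win=252 Len=0",
    "56705 > ms-wbt-server [ACK] Seq=1 Ack=121 Win=252 Len=0",
    "56712 > 8443 [PSH, ACK] Seq=1 Ack=1 Win=256 Len=120",
    "56712 > 8443 [ACK] Seq=121 Ack=300 Win=255 Len=0",
    "56720 \u2192 https [SYN] Seq=0 Win=8192 Len=0 MSS=1460",
]

if __name__ == "__main__":
    for port, n in bare_acks_by_service(SAMPLE).most_common():
        print(f"dst port {port}: {n} payload-free ACK(s)")
```

Feeding it the Info column exported from a capture shows at a glance which destination port the empty ACKs belong to.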

Author by

Daniel Robinson

Projects API Dev @ Teamwork.com

Updated on June 17, 2022

Comments

  • Daniel Robinson
    Daniel Robinson about 2 years

    I am new to Wireshark and to networking in general, but I am monitoring the traffic of my application and I can filter on it so I can see when it is actively transferring data that it is supposed to with the server, but Wireshark shows this:

    protocol = TCP
    length = 54
    info = 56705 > ms-wbt-server [ACK] Seq=1 Ack=61 Win=252 Len=0
    

    being fired every second from my app to my app server. Why does my application keep sending these packets every second?

    It is a C# .NET app if that is of any assistance.

  • Daniel Robinson
    Daniel Robinson over 11 years
    Thanks @Vicky, I'll accept in 5 mins when I'm allowed to. Could you tell me if keepalive is something which is recommended for large distributed systems? There are ~50000 clients in the system all reporting to a single app server, could this keepalive be a source of bad performance? Or is the packet so small and 50000 clients quite a small number and shouldn't affect network performance too much?
  • Vicky
    Vicky over 11 years
    Does the server need to know that the clients are all still there, and does the client need to know immediately the server becomes unreachable? If not, you can turn it off in your TCP settings. Yes, keepalive packets are small but with 50,000 clients sending one 60-byte keepalive a second to the same server (edit: and the responses coming back of course), I'd be surprised if that didn't have an impact on the network performance.
  • Daniel Robinson
    Daniel Robinson over 11 years
    Thank you very much :) Turns out the keepalive packets were from my remote desktop connection and not my application hehe, phew.