The client is simply asking the server to keep the TCP connection alive, and the server acknowledges (ACK) the request to keep the connection alive. This is normal, and not suggestive of a problem. In this example, we see 2 TCP Keep-Alive packets, one from the client to the server and another from the server to the client. When the client application remains idle for some time, the client will send a Keep Alive ACK to the server. HTTP Continuation packets are common, as these packets are segments of the payload.įor a deeper understanding of HTTP Continuation packets, refer to the article on Understanding HTTP Continuation or TCP segment of a reassembled PDU packets in Wireshark.
Next, there will usually be some sort of payload to transfer from the server to the client. If using HTTPS, there should be a TLSv1.2 packets to establish a secured, encrypted connection. If using HTTP, you should at least see a GET request from the client to the server, an ACK from the server to the client, and an OK from the server to the client. To see the 3 way handshake in Wireshark, you will almost always want to add the stream index column.Īfter the connection has been established, there can be anywhere from a few to hundreds of packets. In this example, the client (192.168.0.103) sends a SYN packet to the server (192.168.0.130), the server sends a SYN ACK packet to the client, and the client sends a ACK packet to the server.
The 3 way handshake can be seen in Wireshark. ACK - The client sends an ACK (Acknowledge) packet to the server.SYN ACK - The server sends a SYN ACK (Synchronize Acknowledge) packet to the client.SYN - The client sends a SYN (Synchronize) packet to the server.This is done via the TCP 3 way handshake. Before a client and a server can exchange data (payload), the client and server must established a TCP connection.
0 kommentar(er)
