>From parsing through the documentation, I did'nt see any explanation on keep-alives or how wire shark knows the TCP packet is in fact a "keep-alive" packet.
I have a particular capture and I am lead to believe that there might be some keepalives, but I was curious. Does the tool look for a payload of 1 (in the TCP header) and a sequence number that is nonincrementing to determine if in fact the packet is a keep-alive packet?
I am running version Version 0.99.4 (SVN Rev 19757), the machine I am running the utility on is XP SP 2.
Thanks,
Everyone is raving about
the all-new Yahoo! Mail beta.