What is a TCP Keep Alive?
Before TCP can transfer data to another system, it first has to establish a connection with the TCP handshake (SYN – SYN/ACK – ACK). If the handshake succeeds, the connection is available to transmit data.
Once the connection is established, a timer is started on each TCP stack that will eventually time out the connection. If a socket is not in use for a specified amount of time, and the stack is configured to do so, it will send a TCP Keep Alive. This timer is a configurable setting and varies depending on the system.
The sending station is trying to see whether the remote peer is dead or whether the connection is still open and in use, or it may just need to keep the connection open instead of suffering the overhead of another handshake. If the target does not respond, the sender may send several Keep Alives before finally sending a TCP reset to kill the socket. This is a good thing, since we don't want open, unused TCP connections staying open and hogging resources forever.
The TCP Keep Alive will also include 1 byte of data, which the connection partner needs to acknowledge. That will increment the sequence number by 1 and, of course, the ACK on the response.
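The configurable timer and the several probes sent before the socket is killed, described above, can be set per socket on most stacks. The following is an added example, not part of the original article: it assumes a platform whose Python socket module exposes TCP_KEEPIDLE (or TCP_KEEPALIVE), TCP_KEEPINTVL and TCP_KEEPCNT, and the function names and timer values are illustrative.

```python
import socket


def enable_keepalive(sock, idle_s, interval_s, probes):
    """Turn on keep-alive for one socket and set its per-socket timers.

    idle_s     - seconds of silence before the first probe is sent
    interval_s - seconds between unanswered probes
    probes     - unanswered probes allowed before the stack drops the socket
    Returns the values the stack reports back (None where not exposed).
    """
    # Keep-alive is only sent if the application asks the stack for it.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)

    # Linux names the idle timer TCP_KEEPIDLE; macOS calls it TCP_KEEPALIVE.
    idle_opt = getattr(socket, "TCP_KEEPIDLE", None) or getattr(socket, "TCP_KEEPALIVE", None)
    wanted = {
        "idle_s": (idle_opt, idle_s),
        "interval_s": (getattr(socket, "TCP_KEEPINTVL", None), interval_s),
        "probes": (getattr(socket, "TCP_KEEPCNT", None), probes),
    }
    effective = {}
    for name, (opt, value) in wanted.items():
        if opt is None:
            effective[name] = None  # this platform does not expose the knob
            continue
        sock.setsockopt(socket.IPPROTO_TCP, opt, value)
        # Read the value back so a silently ignored setting is noticed.
        effective[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    effective["enabled"] = bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE))
    return effective


def dead_peer_detection_s(idle_s, interval_s, probes):
    """Approximate seconds from the last traffic until a silent peer is dropped."""
    return idle_s + interval_s * probes


if __name__ == "__main__":
    # Constructed values: probe after 60 s idle, then every 10 s, give up after 5.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print(enable_keepalive(s, idle_s=60, interval_s=10, probes=5))
    print(dead_peer_detection_s(60, 10, 5), "seconds until an unresponsive peer is dropped")
    s.close()
```

Shorter timers free the resources held by dead connections sooner, at the cost of more probe traffic on idle links.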