I want to verify keepalive package if it does get sent from openvpn server to connected client in openvpn 2.4.xx by trying to capture traffic on the physical interface. but I am not quite sure those captured traffic is real keepalive traffic,anyone can help to explain that for below traffic record? to my understanding, keepalive package is not sent though tun device , is it correct ? and the keepalive package is not a real ping package , right ?
Code: Select all
22:02:33.099781 IP (tos 0xe0, ttl 52, id 15565, offset 0, flags [DF], proto TCP (6), length 52)
x.x.x.x.1194 > 172.18.81.59.49312: Flags [.], cksum 0x703e (correct), seq 1461, ack 1428, win 302, options [nop,nop,TS val 2509115906 ecr 1108025630], length 0
22:02:39.058874 IP (tos 0xe0, ttl 52, id 15566, offset 0, flags [DF], proto TCP (6), length 94)
x.x.x.x.1194 > 172.18.81.59.49312: Flags [P.], cksum 0x8f29 (correct), seq 1461:1503, ack 1428, win 302, options [nop,nop,TS val 2509121865 ecr 1108025630], length 42
22:02:39.059003 IP (tos 0x0, ttl 64, id 399, offset 0, flags [DF], proto TCP (6), length 52)
172.18.81.59.49312 > x.x.x.x.1194: Flags [.], cksum 0x8ec9 (incorrect -> 0x40b2), seq 1428, ack 1503, win 501, options [nop,nop,TS val 1108031602 ecr 2509121865], length 0
22:02:43.184238 IP (tos 0x0, ttl 64, id 400, offset 0, flags [DF], proto TCP (6), length 94)
172.18.81.59.49312 > x.x.x.x.1194: Flags [P.], cksum 0x8ef3 (incorrect -> 0x6421), seq 1428:1470, ack 1503, win 501, options [nop,nop,TS val 1108035728 ecr 2509121865], length 42
22:02:43.197387 IP (tos 0xe0, ttl 52, id 15567, offset 0, flags [DF], proto TCP (6), length 52)