Things that you may want to know about TCP Keepalives

Things that you may want to know about TCP Keepalives

  • Comments 8
  • Likes


In this blog entry, I will be discussing TCP keepalive mechanism and will also provide some information about configuration options on Windows systems.

a) Definition

Let's first understand the mechanism. A TCP keep-alive packet is simply an ACK with the sequence number set to one less than the current sequence number for the connection. A host receiving one of these ACKs responds with an ACK for the current sequence number. Keep-alives can be used to verify that the computer at the remote end of a connection is still available. TCP keep-alives can be sent once every KeepAliveTime (defaults to 7,200,000 milliseconds or two hours) if no other data or higher-level keep-alives have been carried over the TCP connection. If there is no response to a keep-alive, it is repeated once every KeepAliveInterval seconds. KeepAliveInterval defaults to 1 second. NetBT connections, such as those used by other Microsoft networking components, send NetBIOS keep-alives more frequently, so normally no TCP keep-alives are sent on a NetBIOS connection. TCP keep-alives are disabled by default, but Windows Sockets applications can use the setsockopt() function to enable them.

b) Configuration

Now let's talk a little bit about configuration options. There're 3 registry keys where you can affect TCP Keepalive mechanism on Windows systems:

Key: Tcpip\Parameters
Value Type: REG_DWORD-time in milliseconds
Valid Range: 1-0xFFFFFFFF
Default: 1000 (one second)
Description: This parameter determines the interval between TCP keep-alive retransmissions until a response is received. Once a response is received, the delay until the next keep-alive transmission is again controlled by the value of KeepAliveTime. The connection is aborted after the number of retransmissions specified by TcpMaxDataRetransmissions have gone unanswered.

TCPIP driver waits for a TCP Keepalive ACK for the duration of time specified in this registry entry.

Key: Tcpip\Parameters
Value Type: REG_DWORD-time in milliseconds
Valid Range: 1-0xFFFFFFFF
Default: 7,200,000 (two hours)
Description: The parameter controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote system is still reachable and functioning, it acknowledges the keep-alive transmission. Keep-alive packets are not sent by default. This feature may be enabled on a connection by an application

In order for a TCP session to stay idle, there should be no data sent or received.

c) If OS is Windows XP/2003 the following registry entry applies:

Key: Tcpip\Parameters
Value Type: REG_DWORD-number
Valid Range: 0-0xFFFFFFFF
Default: 5
Description: This parameter controls the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection. The retransmission time-out is doubled with each successive retransmission on a connection. It is reset when responses resume. The Retransmission Timeout (RTO) value is dynamically adjusted, using the historical measured round-trip time (Smoothed Round Trip Time) on each connection. The starting RTO on a new connection is controlled by the TcpInitialRtt registry value.

This registry entry determines the number of TCP retransmissions for an individual TCP segment. There's no special registry entry to determine the retransmission behavior of TCP Keepalives and this registry entry is also used for the TCP keepalive scenario.

Important note: If OS is Windows Vista/2008, the number of TCP Keepalive attempts are hardcoded to 10 and could not be adjusted via the registry.

d) Some special considerations

=> Even if TCP KeepaliveTime and TCPKeepAliveInterval registry keys are set to a specific value (TCPIP driver uses the deafult values even if we don't set these registry keys from the registry), TCPIP driver won't start sending TCP Keepalives until Keepalives are enabled via various methods at upper layers (layers above TCPIP driver).

=> Native Socket applications can enable TCP keepalives by using anyone of the following methods:

- setsockopt() with SO_KEEPALIVE option
- WSAIoctl() with SIO_KEEPALIVE_VALS option (it's also possible to change Keepalive timers with this API call dynamically on a per-socket basis)

=> Managed applications (.NET), can use one of the following methods:

- SetSocketOption method from Socket Class in System.Net.Sockets namespace
- GetSocketOption method from Socket Class in System.Net.Sockets namespace

=> Effect of using Keepalives on bandwidth usage

Since TCP Keepalives are TCP segments without data (and the SEQ number set to one less than the current SEQ number), Keepalive usage bandwidth usage can simply be neglected. There's an example below to give an idea about how big a TCP Keepalive packet could be:

- 14 bytes (L2 header - Assuming that Ethernet protocol is used. This could be even lower for other WAN protocols like PPP/HDLC/etc)
- 20 bytes (IP header - assuming no IP options are used)
- 20 bytes (TCP header - assuming no TCP options are used)

Total: ~54 bytes

Even if TCP Keepalive interval is set to 5 minutes or so (default is 2 hours), given that TCP connection goes idle, TCPIP driver will send a ~54 TCP Keepalive message every 5 minutes and as can be seen it could simply be neglected.

You may also find some references below:

Microsoft Windows Server 2003 TCP/IP Implementation Details
TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008 setsockopt Function WSAIoctl Function Socket..::.SetSocketOption Method Socket..::.GetSocketOption Method

Hope this helps.


  • Microsoft security guides for Vista, Windows 7 , 2008 and 2008 R2 recommend a value of 3 for the TcpMaxdataRetransmissions key.  This key is also mentioned in the TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008 document and it also has the same recommendation.

    However your note above  "Important note: If OS is Windows Vista/2008, the number of TCP Keepalive attempts are hardcoded to 10 and could not be adjusted via the registry. " , what does this mean. Is there some error somewhere. Please advise. Thanks.

  • Thank you for the feedback Ravindra. There could be some misleading information in some documentations, if you could send me Microsoft links for those documents that you refer to, I can internally initiate change request. Back to how it works in Windows Vista onwards, you can also get more information at the below link:  SO_KEEPALIVE Socket Option


    On Windows Vista and later, the number of keep-alive probes (data retransmissions) is set to 10 and cannot be changed.




  • For windows sockets are tcp keep alives enabled by default ?

    What about for WinHTTP conversations that use windows sockets under the covers ?



  • Will it have any negative impact if i change "TcpMaxDataRetransmissions" to 5-6 as of now it is set to 3 (Default) and dont want to change keepalivetime which is set to 300000.


  • Hi Tahir,
    This may impact on DHCP client service starting issue. It will stop DHCP client service and will not allowed you to restart it.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment