CSS keepalive TCP flags
Hi. I have a problem with the way an application behaves in response to CSS TCP keepalives; I'd be grateful for any advice.
Using standard TCP keepalives, an application logs a broken connection for every keepalive, filling up the app logs and causing the administrators to complain. If I change the tcp-close type to FIN, the application doesn't log an error, but it still logs the connection; same complaint from the admins.
The application developers feel that it's not their problem. They're comparing the keepalives to nmap probes and indeed, it is possible to confirm that the service is up with nmap, without generating an error/connection log entry on the server.
According to some Wireshark captures, the TCP flags of a CSS keepalive, compared to an nmap probe, are as follows:
CSS --> Syn --> Server
CSS <-- Syn, Ack <-- Server
CSS --> Ack --> Server
CSS --> Rst, Ack --> Server

NmapPC --> Syn --> Server
NmapPC <-- Syn, Ack <-- Server
NmapPC --> Rst --> Server
So, my question is, can the TCP behaviour of CSS keepalives be modified, to dispense with the arguably superfluous 'ack'ing that's illustrated above?
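
Why the two probes look different to the server application, as an added example that is not part of the original post: a reduced server-side TCP state machine that replays the client segments from the traces above. The function name `server_view`, the outcome labels and the FIN-close trace are assumptions constructed for illustration.

```python
# Reduced server-side view of a TCP listener: only the transitions that decide
# whether the application ever sees the connection, and how it ends.
# Names and sample traces are constructed from the flag sequences in the post.

def server_view(client_segments):
    """Replay client segments; return (app_sees_connection, how_it_ended)."""
    state = "LISTEN"
    accepted = False   # True once the handshake completes and accept() can return it
    ending = "none"
    for seg in client_segments:
        flags = frozenset(seg)
        if state == "LISTEN" and flags == {"SYN"}:
            state = "SYN_RCVD"        # kernel replies Syn,Ack; application not involved
        elif state == "SYN_RCVD" and "RST" in flags:
            state = "LISTEN"          # half-open entry discarded before accept()
            ending = "reset-before-accept"
        elif state == "SYN_RCVD" and flags == {"ACK"}:
            state = "ESTABLISHED"     # handshake complete, queued for the application
            accepted = True
        elif state == "ESTABLISHED" and "RST" in flags:
            state = "CLOSED"
            ending = "reset"          # application typically sees a connection error
        elif state == "ESTABLISHED" and "FIN" in flags:
            state = "CLOSE_WAIT"
            ending = "orderly-close"  # application reads end-of-stream, no error
        else:
            raise ValueError(f"unexpected {sorted(flags)} in state {state}")
    return accepted, ending

# Client-to-server segments only (constructed from the captures described above).
CSS_KEEPALIVE_RST = [("SYN",), ("ACK",), ("RST", "ACK")]
CSS_KEEPALIVE_FIN = [("SYN",), ("ACK",), ("FIN", "ACK")]  # assumed shape of the FIN close type
NMAP_PROBE = [("SYN",), ("RST",)]

if __name__ == "__main__":
    for name, trace in [("CSS keepalive (Rst)", CSS_KEEPALIVE_RST),
                        ("CSS keepalive (Fin)", CSS_KEEPALIVE_FIN),
                        ("nmap probe", NMAP_PROBE)]:
        seen, ending = server_view(trace)
        print(f"{name:22} app sees connection: {seen!s:5} ending: {ending}")
```

The third segment of the CSS keepalive completes the three-way handshake, so the connection reaches the application before it is torn down; the nmap probe resets while the server is still half-open.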