Wireshark and Network Monitor provide filters for this, but I want to know how I can determine if a packet is a permanent or permanent TCP server by looking at the header or payload.
The keep-alive TCP packet is an ACK with a sequence number set one less than the current sequence number for the connection.