Wireshark and Network Monitor provide filters for this but I want to know how can I infer whether a packet is a TCP Keep-Alive or Keep-Alive Ack by looking at the header or payload.
A TCP keep-alive packet is an ACK with the sequence number set to one less than the current sequence number for the connection.