Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- PuTTY internals
- Brendan Gregg
May 5, 2004, 5:56 am
rate this thread
Perhaps someone knows this offhand: I've been analysing SSH traffic for
command line sessions and found that PuTTY appears to be sending each
keystroke twice. Does anyone know of a reason for this?
Eg, drawing a client packet as "*" and a server reply as "."
and in PuTTY,
both while the same command was typed...
Re: PuTTY internals
How have you been `analysing' the traffic? Just looking at the
encrypted data stream as it goes over the wire, or looking inside
the encryption somehow?
PuTTY can certainly be expected to send two SSH messages per
keystroke when you're typing a command at a command prompt: one is
the SSH_MSG_CHANNEL_DATA containing the character, and the other is
the SSH_MSG_CHANNEL_WINDOW_ADJUST acknowledging receipt of the
server data packet containing the echo. I would expect the server to
be sending the same two packets in response. However, the server
sends those two packets so close together in time that its TCP layer
may be clever enough to amalgamate them into a single TCP segment,
whereas PuTTY must send CHANNEL_DATA first and then WINDOW_ADJUST on
receiving the echoed character, and _then_ wait until the user types
the next character before sending a packet.
So if you're only looking at the number of TCP packets sent and have
no way of understanding their contents, then I think this is all
You might find PuTTY's SSH packet logging mode to be useful. This
will log the decrypted form of every SSH message to a file, and you
can match it up afterwards with the TCP packet logs. Together with
the SSH protocol drafts, this ought to give you a clear
understanding of what PuTTY is doing.
Simon Tatham "The voices in my head are trying to ignore me.
Re: PuTTY internals
Thanks for your reply Simon! :)
On 5 May 2004, Simon Tatham wrote:
Just looking at the encrypted data size and timing....
(something for http://www.brendangregg.com/chaosreader.html )
I can't look inside the encryption - I don't have super human eyeballs!
Ahh - this is all very clear now. (and means I have a lot more work to
process this properly)..
BTW - PuTTY is fantastic!
- » Public Authentication Problem on Batch Job using SCP2 when SSH Client Reboot
- — Previous thread in » Secure Shell Forum
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum