Re: PuTTY internals

From: Simon Tatham (anakin_at_pobox.com)
Date: 05/05/04


Date: 05 May 2004 11:31:19 +0100 (BST)

Brendan Gregg <brendan.gregg@tpg.com.au> wrote:
> Perhaps someone knows this offhand: I've been analysing SSH traffic for
> command line sessions and found that PuTTY appears to be sending each
> keystroke twice.

How have you been `analysing' the traffic? Just looking at the
encrypted data stream as it goes over the wire, or looking inside
the encryption somehow?

PuTTY can certainly be expected to send two SSH messages per
keystroke when you're typing a command at a command prompt: one is
the SSH_MSG_CHANNEL_DATA containing the character, and the other is
the SSH_MSG_CHANNEL_WINDOW_ADJUST acknowledging receipt of the
server data packet containing the echo. I would expect the server to
be sending the same two packets in response. However, the server
sends those two packets so close together in time that its TCP layer
may be clever enough to amalgamate them into a single TCP segment,
whereas PuTTY must send CHANNEL_DATA first and then WINDOW_ADJUST on
receiving the echoed character, and _then_ wait until the user types
the next character before sending a packet.

So if you're only looking at the number of TCP packets sent and have
no way of understanding their contents, then I think this is all
easily explained.

You might find PuTTY's SSH packet logging mode to be useful. This
will log the decrypted form of every SSH message to a file, and you
can match it up afterwards with the TCP packet logs. Together with
the SSH protocol drafts, this ought to give you a clear
understanding of what PuTTY is doing.

-- 
Simon Tatham         "The voices in my head are trying to ignore me.
<anakin@pobox.com>    But if I keep talking, I can drive them insane."


Relevant Pages

  • Re: PuTTY internals
    ... >> command line sessions and found that PuTTY appears to be sending each ... > the next character before sending a packet. ... > So if you're only looking at the number of TCP packets sent and have ... > understanding of what PuTTY is doing. ...
    (comp.security.ssh)
  • Re: SSH Tunnel through firewall- Help needed
    ... The easiest way to get to the Unix box would be to first ssh (Putty) ... into the Firewall and then, from there, do a command-line SSH ... An example of the command to use and which server to run it ...
    (comp.security.ssh)
  • Re: Alternative to PUTTY?
    ... > still when I try to SSH in to my Fedora Core 2 system, ... > Incorrect MAC received on packet ... > a better SSH client than PUTTY? ... That is not the fault of PuTTY. ...
    (comp.os.linux.misc)
  • Re: Windows SSH (remote execution of commands) - Python Automation
    ... Use putty (or any other ssh client from windows XP). ... where app1 is defined by putty and ls -l etc etc are command args. ...
    (comp.lang.python)
  • Re: General Linux?
    ... exit ssh and then come back later and ssh to the same command line program? ... my WinXP box. ... Will it work with PuTTY or only with a Linux version of ssh? ...
    (Fedora)