SSH performance question
Hello,
Newer to WS and I think I know the answer to this question but wanted to get another opinion. If I have an SSH capture and don't have the ability to decrypt the packets is there anything of importance I can learn from a latency standpoint?
I can see some really large TCP Delta's and saw first hand how slow the application felt at this time. If there's anything else I could learn from this capture please let me know how I could accomplish this.
Regards,
TCP Delta is a great place to start. Pay close attention to where those large deltas occur (i.e. beginning of the capture, between commands, between each character sent, at the session close, etc). The initial TCP handshake can also help determine latency. Jasper has a great blog post on that here (https://blog.packet-foo.com/2014/07/determining-tcp-initial-round-trip-time/)