SSH performance question

asked 2017-11-17 14:17:27 +0000

cpocket gravatar image

updated 2017-11-17 15:26:14 +0000

Jaap gravatar image


Newer to WS and I think I know the answer to this question but wanted to get another opinion. If I have an SSH capture and don't have the ability to decrypt the packets is there anything of importance I can learn from a latency standpoint?

I can see some really large TCP Delta's and saw first hand how slow the application felt at this time. If there's anything else I could learn from this capture please let me know how I could accomplish this.


edit retag flag offensive close merge delete


TCP Delta is a great place to start. Pay close attention to where those large deltas occur (i.e. beginning of the capture, between commands, between each character sent, at the session close, etc). The initial TCP handshake can also help determine latency. Jasper has a great blog post on that here (

csereno gravatar imagecsereno ( 2017-12-22 18:41:39 +0000 )edit