Size of data packets in SSH connection
dkohn7 at gmail.com
Wed Apr 14 07:32:26 EST 2010
> No, the TCP packets can be any size. The SSH packets that they carry
> must be sized correctly and this depends on the cipher in use. See
> cipher.c in the OpenSSH source for the list of blocksizes.
Thank you, i'll look into that.I
can access the SSH packet data (via pcap), then this should be sized
correctly(according to SSH). For example out of 10K connections,
all SSH packet sizes were a multiple of 4, 30 connections had
packets with odd number of bytes (nearly always sent by the server)
I'm guessing this could happen at the TCP/IP level (i am seeing this
in tcpdump) - e.g fragmentation.
Could this be the reason why I see it? Why would it be so rare?
Thank you for your time
 If i'm not mistaken, the LCD of all sizes irrespective of cipher used is 4
More information about the openssh-unix-dev