Why does SSH send 100 packets per keystroke? And why do I care? Jan 22, 2026
Here are a few lines of summarized tcpdump output for an ssh session where I send a single keystroke:
$ ./first_lines_of_pcap.sh single-key.pcap 1 0 .000s CLIENT- > SERVER 36 bytes 2 0 .007s SERVER- > CLIENT 564 bytes 3 0 .015s CLIENT- > SERVER 0 bytes 4 0 .015s CLIENT- > SERVER 36 bytes 5 0 .015s SERVER- > CLIENT 36 bytes 6 0 .026s CLIENT- > SERVER 0 bytes 7 0 .036s CLIENT- > SERVER 36 bytes 8 0 .036s SERVER- > CLIENT 36 bytes 9 0 .046s CLIENT- > SERVER 0 bytes 10 0 .059s CLIENT- > SERVER 36 bytes
I said a “few” because there are a lot of these lines.
$ ./summarize_pcap.sh single-key.pcap Total packets: 270 36 -byte msgs: 179 packets ( 66.3 % ) 6444 bytes Other data: 1 packet ( 0.4 % ) 564 bytes TCP ACKs: 90 packets ( 33.3 % ) Data sent: 6444 bytes in 36 -byte messages, 564 bytes in other data Ratio: 11 .4x more data in 36 -byte messages than other data Data packet rate: ~90 packets/second ( avg 11.1 ms between data packets )
That is a lot of packets for one keypress. What’s going on here? Why do I care?
here's those scripts if you're curious tshark -r " $1 " \ -T fields -e frame.number -e frame.time_relative -e ip.src -e ip.dst -e tcp.len | \ awk 'NR<=10 {dir = ($3 ~ /71\.190/ ? "CLIENT->SERVER" : "SERVER->CLIENT"); printf "%3d %6.3fs %-4s %3s bytes
", $1, $2, dir, $5}' tshark -r " $1 " -Y "frame.time_relative <= 2.0" -T fields -e frame.time_relative -e tcp.len | awk ' { count++ payload = $2 if (payload == 0) { acks++ } else if (payload == 36) { mystery++ if (NR > 1 && prev_data_time > 0) { delta = $1 - prev_data_time sum_data_deltas += delta data_intervals++ } prev_data_time = $1 } else { game_data++ game_bytes = payload if (NR > 1 && prev_data_time > 0) { delta = $1 - prev_data_time sum_data_deltas += delta data_intervals++ } prev_data_time = $1 } } END { print "Total packets:", count print "" printf " 36-byte msgs: %3d packets (%5.1f%%) %5d bytes
", mystery, 100*mystery/count, mystery*36 printf " Other data: %3d packet (%5.1f%%) %5d bytes
", game_data, 100*game_data/count, game_bytes printf " TCP ACKs: %3d packets (%5.1f%%)
... continue reading