I get some kind of weird problems with a server randomly closes the connection. I am on client side, so fixing the server is not really my problem, but I see some kind of odd TCP communication. It might be worth to mention that the protocol is NETCONF over SSH, using OpenSSH client.
Not much out of order is seen when running ssh -vvv, except for a some messages like
debug2: channel 0: window 1998646 sent adjust 98506
Anyone who knows about what this mean (not the details regarding the actual feature, which are described here, https://datatracker.ietf.org/doc/html/rfc4254#section-5.2, but rather the particulars)? Also, in this case is the OpenSSH client senting or recieving?
I also see this kind of messages in the PCAP log. Payload is always 36 bytes and since the SSH is encrypted, I would assume the "payload" in this case means SSH data, regardless of content (which would also include SSH headers, etc.). How can I know the size of the window adjust message (IP addresses scrambled)?
"11499","2021-08-18 18:06:42.940955","a:b:c::d","d:c:b::a","TCP","108","36360 → 830 [PSH, ACK] Seq=901 Ack=2854573 Win=1412 Len=36 TSval=3002995779 TSecr=2976836203".
BR
Patrik
