This article explores why SSH sends a large number of packets for a single keystroke, specifically highlighting the impact of keystroke timing obfuscation introduced in 2023. The author investigates performance issues in a high-performance game running over SSH and discovers that the added chaff packets significantly increase CPU and bandwidth usage. Solutions for optimizing SSH performance without compromising security are discussed.

Qtap is an eBPF agent designed to capture and analyze traffic within the Linux kernel, providing insights into egress traffic without modifying applications or managing certificates. It enables security audits, debugging, API development, and troubleshooting by displaying unencrypted data and operational metrics in real time. The project is in early development and welcomes community feedback and contributions.