Comment by eieio

1 month ago

Hey! I'm the author.

My thinking was:

  * Yes, I clearly know what tcpdump is / how to capture network traffic
  * It has been several years since I have looked at a pcap
  * I don't have wireshark installed on this computer
  * I've done the thing where you decrypt TLS with wireshark exactly once, years ago, and I found it frustrating for reasons I can't remember[1]. Wasn't sure if I could do this with ssh
  * When I started investigating this, I didn't remotely think that ssh was the root cause. I thought it was a quirk of my game
  * I *did* make a client that printed out all the data it was receiving, but it was useless because it was operating at the wrong layer (e.g. it connected over SSH and logged the bytes SSH handed it)
  * I'm experimenting with Claude Code a lot because it has a lot of hype and I would like to form an opinion
  * Looking up flags is annoying
  * Being able to tell an agent "look at this pcap and tell me what you see" is *cool*

So idk. I'm sure that you would have solved this much more quickly than I did! I'm not sure that (for me) opening up the packet in Wireshark would have solved this faster. Maybe reading the SSH spec would have, but debugging also just didn't take that long.

And the big leap here was realizing that this was my SSH client and not a quirk of my game. The time at which I would have read the SSH spec was after I captured traffic from a regular SSH session and observed the same pattern; before that I was thinking about the problem wrong.

I don't think that this is unfortunate. In fact, I think I got what I wanted here (a better sense of Claude Code's strengths and weaknesses). You're right that an alternative approach would have taught me different things, and that's a worthy goal too.

[1] I suspect this is because I was doing it for an old job and I had to figure out how to run some application with keys I controlled? It would have been easier here. I don't remember.

Thanks for taking the time to respond, and apologies for the contentiousness. I'm a jaded old man suffering from severe LLM fatigue, so I may have come off a bit harsh. Your write-up was a good read, and while I might be critical of your methodology, what you did clearly worked, and that's what matters in the end. Best of luck with your project, especially the go lib fork.

  • Eh, I was a little annoyed at the comment last night but read through the thread again today and you were clearly engaging in good faith.

    I totally get being exhausted at LLMs. And I don't mind the nudge to be a little less lazy and install wireshark for next time.

    hope I get you to play the game when it's out!