Wireshark is my shell...
OK, the way that it works is that first of all you have to monitor ALL of the traffic from the server. That's the first (unlikely) step.
The SSH connection will go through some connection packets, trying some authentication schemes first, and finally fall back to waiting on client-side user input. The user input is sent one character in a packet at a time to the other server, so it's easy to spot. Then there comes a big blast from the server, with your message-of-the-day, etc. And then the user types a command, etc. So yeah, the password is easy to spot. And you will know the timing of the user's key stokes.
What the researchers are getting at is because the network card is so efficient, it's like they are monitoring the sound of the keystrokes on the user's own keyboard. And then you are screwed just based on the timing of your typing.
So be spastic. Make mistakes. Pause ... like William Shatner for ... no apparent ... reason.