Wireshark-dev: Re: [Wireshark-dev] decoding Remote Desktop Protocol

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Wed, 24 Oct 2007 11:26:01 -0600
On Wed, Oct 24, 2007 at 11:39:15AM -0500, DePriest, Jason R. wrote:

> Unfortunately, I can't seem to locate any good technical documentation
> on how RDP does what it does.
> 
> I considered looking at the linux programs that use it (rdesktop) and
> trying to read their code, but I don't write code myself so it would
> be hit or miss.
> 
> RDP is Microsoft's baby and I don't know where to look for in depth
> docs on it.
> 
> Does anyone have a link or two to some helpful stuff that would help
> me break the code?  Or will I just need to figure it the hard way?

There is little to no public documentation on Remote Desktop.  I wanted
to implement RDP dissection in Wireshark a while back and gave up (I had
just finished off the VNC dissector which was a pain even with
documentation).  Your best bet is to read the source code to rdesktop
(which is poorly documented if I remember correctly) and the articles
under the "Documentation" section of www.rdesktop.org.  It is a shame
they did not document the protocol(s) in a nice fashion while writing
the code to rdesktop.  I do not mean to discourage you or anyone from
trying to figure it out as it would be a great feature to have in
Wireshark.  I would be willing to help if someone could figure out at
least enough to get started :)


Steve