Wireshark-dev: Re: [Wireshark-dev] decoding Remote Desktop Protocol

From: "Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx>
Date: Fri, 26 Oct 2007 08:43:35 +0200
 
I can look into whether asn2wrs could generate at least some useful code for
T.128 Legacy mode.


> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx 
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of 
> ronnie sahlberg
> Sent: Wednesday, October 24, 2007 10:09 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] decoding Remote Desktop Protocol
> 
> I think RDP is just using T.126 with some extra extensions.
> As far as I recall it is using the old legacy encoding and 
> not ASN PER.
> 
> I did find some documentation about this a long time ago but never had
> any traces/nor real interest in implementing it.
> 
> It should be possible to find the T.126 family as well as the old
> legacy encoding through google.
> (the old legacy encoding means the dissector has to be written by hand
> since asn2wrs cannot be used)
> 
> 
> On 10/25/07, DePriest, Jason R. <jrdepriest@xxxxxxxxx> wrote:
> > After Tenable announced that they are going to have operating system
> > detection based on Remote Desktop fingerprinting available to Direct
> > Feed customers (http://blog.tenablesecurity.com/2007/10/windows-operati.html),
> > I thought it would be great to figure out how they are doing that.
> >
> > Unfortunately, I can't seem to locate any good technical documentation
> > on how RDP does what it does.
> >
> > I considered looking at the Linux programs that use it (rdesktop) and
> > trying to read their code, but I don't write code myself so it would
> > be hit or miss.
> >
> > RDP is Microsoft's baby and I don't know where to look for in-depth
> > docs on it.
> >
> > Does anyone have a link or two to some helpful stuff that would help
> > me break the code?  Or will I just need to figure it out the hard way?
> >
> > Thanks!
> >
> > -Jason
> >
> > --
> > NOTICE:  This email is being sent in clear-text across the public
> > Internet.  Therefore, any attempts to include unenforceable legalese
> > restrictions are ridiculous and pointless.  If you can read this,
> > consider yourself authorized (whether I like it or not).
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
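The thread ends on "the dissector has to be written by hand". As an added example, not code from the Wireshark project or from anyone in the thread, here is a standalone Python decoder (no Wireshark API) for the PDU that opens every RDP connection: a TPKT header carrying an X.224 Connection Request, whose Microsoft-defined variable part holds the "mstshash" routing cookie and, on clients that support it, an RDP_NEG_REQ with the requestedProtocols bitmask (field layouts from X.224 and MS-RDPBCGR). These are fixed-position fields, not ASN.1 PER, so they are exactly the part asn2wrs cannot generate. Older clients send only the cookie, which the decoder also handles. The sample packet, the cookie value "admin" and the function names are constructed for this example, not taken from a capture.

```python
"""Hand-written decoder for TPKT + X.224 Connection Request as sent by RDP.
Added example, not Wireshark code; no Wireshark API is used.  Field layouts
follow X.224 and MS-RDPBCGR; sample bytes below are constructed, not captured.
"""
import struct

TPKT_VERSION = 3
X224_CR = 0xE0            # X.224 Connection Request TPDU code (CDT = 0)
TYPE_RDP_NEG_REQ = 0x01   # RDP_NEG_REQ.type
COOKIE_PREFIX = b"Cookie: mstshash="
# requestedProtocols bits in RDP_NEG_REQ (MS-RDPBCGR 2.2.1.1.1).
PROTOCOL_BITS = [
    (0x00000001, "PROTOCOL_SSL"),
    (0x00000002, "PROTOCOL_HYBRID"),
    (0x00000004, "PROTOCOL_RDSTLS"),
    (0x00000008, "PROTOCOL_HYBRID_EX"),
]


def protocol_names(mask):
    """Expand a requestedProtocols bitmask; 0 means legacy RDP security."""
    if mask == 0:
        return ["PROTOCOL_RDP"]
    return [name for bit, name in PROTOCOL_BITS if mask & bit]


def parse_tpkt(buf):
    """TPKT is 4 bytes: version (3), reserved, big-endian total length."""
    if len(buf) < 4:
        raise ValueError("short TPKT header")
    version, _reserved, length = struct.unpack("!BBH", buf[:4])
    if version != TPKT_VERSION:
        raise ValueError("not TPKT version 3: %d" % version)
    if length < 4 or length > len(buf):
        raise ValueError("TPKT length %d does not fit %d-byte buffer" % (length, len(buf)))
    return length, buf[4:length]


def parse_variable_part(var):
    """Decode the Microsoft-defined tail of the X.224 CR (cookie, RDP_NEG_REQ)."""
    info = {"cookie": None, "routing_token": None, "neg_flags": None,
            "requested_protocols": None, "protocols": None}
    rest = var
    end = rest.find(b"\r\n")
    if end != -1:  # one CR LF-terminated token: mstshash cookie or routing token
        token, rest = rest[:end], rest[end + 2:]
        if token.startswith(COOKIE_PREFIX):
            info["cookie"] = token[len(COOKIE_PREFIX):].decode("ascii", "replace")
        else:
            info["routing_token"] = token
    if len(rest) >= 8 and rest[0] == TYPE_RDP_NEG_REQ:
        # RDP_NEG_REQ is little-endian: type, flags, length (always 8), protocols.
        _type, flags, length, protos = struct.unpack("<BBHI", rest[:8])
        if length != 8:
            raise ValueError("RDP_NEG_REQ length must be 8, got %d" % length)
        info["neg_flags"] = flags
        info["requested_protocols"] = protos
        info["protocols"] = protocol_names(protos)
        rest = rest[8:]
    info["trailing"] = rest   # e.g. rdpCorrelationInfo, left undecoded here
    return info


def parse_rdp_connection_request(buf):
    """Decode TPKT + X.224 CR; raises ValueError on anything malformed."""
    tpkt_len, tpdu = parse_tpkt(buf)
    if len(tpdu) < 7:
        raise ValueError("short X.224 TPDU")
    li = tpdu[0]   # LI counts the bytes that follow the LI octet
    if li < 6 or 1 + li > len(tpdu):
        raise ValueError("X.224 LI %d inconsistent with %d-byte TPDU" % (li, len(tpdu)))
    code, dst_ref, src_ref, class_opt = struct.unpack("!BHHB", tpdu[1:7])
    if code != X224_CR:
        raise ValueError("not an X.224 Connection Request: code 0x%02x" % code)
    result = {"tpkt_length": tpkt_len, "li": li, "dst_ref": dst_ref,
              "src_ref": src_ref, "class_option": class_opt}
    result.update(parse_variable_part(tpdu[7:1 + li]))
    return result


def build_connection_request(cookie=None, requested_protocols=None):
    """Encoder counterpart, used to round-trip the parser and make inputs."""
    var = b""
    if cookie is not None:
        var += COOKIE_PREFIX + cookie.encode("ascii") + b"\r\n"
    if requested_protocols is not None:
        var += struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    tpdu = struct.pack("!BBHHB", 6 + len(var), X224_CR, 0, 0, 0) + var
    return struct.pack("!BBH", TPKT_VERSION, 0, 4 + len(tpdu)) + tpdu


def is_malformed(buf):
    """True if the decoder rejects buf (useful for fuzz-style checks)."""
    try:
        parse_rdp_connection_request(buf)
    except ValueError:
        return True
    return False


# Constructed sample (not a real capture): cookie "admin", requests TLS or CredSSP.
SAMPLE_CR = bytes.fromhex(
    "0300002b" "26e00000000000"
    "436f6f6b69653a206d737473686173683d" "61646d696e" "0d0a"
    "0100080003000000")

if __name__ == "__main__":
    for name, pkt in [("rdp6", SAMPLE_CR), ("legacy", build_connection_request("bob"))]:
        print(name, parse_rdp_connection_request(pkt))
```

Running the file prints the decoded fields for both a client that sends RDP_NEG_REQ and one that sends only the cookie. Everything after this PDU goes through T.125 MCS, where the Connect-Initial is BER-encoded and the domain PDUs are PER-encoded, which is the layer where an ASN.1-driven generator such as asn2wrs can take over.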