Wireshark mailing list archives
Remote Desktop Default Filter Change For Windows
From: Matthew <matthew1471 () matthew1471 co uk>
Date: Thu, 9 Jul 2015 16:30:35 +0100
Hi Wireshark Devs, In newer versions of Windows® that support the Remote Desktop Protocol (RDP) version 8.0 or later, Remote Desktop now uses UDP (and falls back on TCP if unavailable). In "ui_util.c" on line 331 is:
g_string_printf(filter_str, "not tcp port 3389");
This should probably be changed to:
g_string_printf(filter_str, "not port 3389");
"When connecting to remote desktop servers running Windows® 8, Windows® Server 2012, or the RDP 8.0 update for Windows® 7 SP1 via Windows® Server 2012 RD Gateway, UDP connections may be utilized to improve WAN performance." Source: http://blogs.msdn.com/b/rds/archive/2013/03/14/what-s-new-in-windows-server-2012-remote-desktop-gateway.aspx I can confirm this is also the case for Windows® Server 2012 R2 (which came out after that article was written). For those interested in dissection, a protocol spec. on RDP via UDP is also available here : https://msdn.microsoft.com/en-us/library/hh536846.aspx Of course you could add more intelligent logic in to detect if the user is running an OS version that supports UDP transport (Windows® 7 SP1 and above), but that's up for debate. Hope this helps, Matthew ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Remote Desktop Default Filter Change For Windows Matthew (Jul 09)
- Re: Remote Desktop Default Filter Change For Windows Pascal Quantin (Jul 15)