Re: Remote Desktop Default Filter Change For Windows

[Pascal Quantin <pascal.quantin () gmail com>]

2015-07-09 17:30 GMT+02:00 Matthew <matthew1471 () matthew1471 co uk>:

> Hi Wireshark Devs,
>
> In newer versions of Windows® that support the Remote Desktop Protocol
> (RDP) version 8.0 or later, Remote Desktop now uses UDP (and falls back
> on TCP if unavailable).
>
> In "ui_util.c" on line 331 is:
> >        g_string_printf(filter_str, "not tcp port 3389");
>
> This should probably be changed to:
> >        g_string_printf(filter_str, "not port 3389");
>
> "When connecting to remote desktop servers running Windows® 8, Windows®
> Server 2012, or the RDP 8.0 update for Windows® 7 SP1 via Windows®
> Server 2012 RD Gateway, UDP connections may be utilized to improve WAN
> performance."
> Source:
>
> http://blogs.msdn.com/b/rds/archive/2013/03/14/what-s-new-in-windows-server-2012-remote-desktop-gateway.aspx
>
> I can confirm this is also the case for Windows® Server 2012 R2 (which
> came out after that article was written).
>
> For those interested in dissection, a protocol spec. on RDP via UDP is
> also available here :
> https://msdn.microsoft.com/en-us/library/hh536846.aspx
>
> Of course you could add more intelligent logic in to detect if the user
> is running an OS version that supports UDP transport (Windows® 7 SP1 and
> above), but that's up for debate.
>
> Hope this helps,
> Matthew
Hi Matthew,

thanks for the report. I uploaded your suggested patch to
https://code.wireshark.org/review/#/c/9642 for review.

Best regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe