Wireshark mailing list archives
Re: Remote Desktop Default Filter Change For Windows
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Wed, 15 Jul 2015 12:47:57 +0200
2015-07-09 17:30 GMT+02:00 Matthew <matthew1471 () matthew1471 co uk>:
Hi Wireshark Devs, In newer versions of Windows® that support the Remote Desktop Protocol (RDP) version 8.0 or later, Remote Desktop now uses UDP (and falls back on TCP if unavailable). In "ui_util.c" on line 331 is:g_string_printf(filter_str, "not tcp port 3389");This should probably be changed to:g_string_printf(filter_str, "not port 3389");"When connecting to remote desktop servers running Windows® 8, Windows® Server 2012, or the RDP 8.0 update for Windows® 7 SP1 via Windows® Server 2012 RD Gateway, UDP connections may be utilized to improve WAN performance." Source: http://blogs.msdn.com/b/rds/archive/2013/03/14/what-s-new-in-windows-server-2012-remote-desktop-gateway.aspx I can confirm this is also the case for Windows® Server 2012 R2 (which came out after that article was written). For those interested in dissection, a protocol spec. on RDP via UDP is also available here : https://msdn.microsoft.com/en-us/library/hh536846.aspx Of course you could add more intelligent logic in to detect if the user is running an OS version that supports UDP transport (Windows® 7 SP1 and above), but that's up for debate. Hope this helps, Matthew
Hi Matthew, thanks for the report. I uploaded your suggested patch to https://code.wireshark.org/review/#/c/9642 for review. Best regards, Pascal.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Remote Desktop Default Filter Change For Windows Matthew (Jul 09)
- Re: Remote Desktop Default Filter Change For Windows Pascal Quantin (Jul 15)