This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Microsoft RDP Security Settings

0

I am looking at a packet capture from a Win 7 PC connecting to a Windows 2K8R2 server using RDP. Will the frame details show me the security levels that are negotiated. The host is set to use the High encryption level. Thanks for your help.

asked 25 Jun '14, 12:05

kevind5's gravatar image

kevind5
11112
accept rate: 0%

One Answer:

0

Please apply the following display filter:

rdp.encryptionMethod

Then look at the 'Info' column of the frame. It will show the negotiated encryption method.

Alternatively, open the RDP protocol in that frame and take a look at the 'serverSecurityData' fields.

You can try it with the following sample capture file and compare it with your file.

http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=RDP-002.pcap.gz

Regards
Kurt

answered 25 Jun '14, 14:13

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thanks much Kurt - if im connecting to a host and my capture doesn't show this frame - what am i missing. the host is configured to use high security settings.

(25 Jun '14, 14:28) kevind5

what am i missing.

I don't know. Is it possible to post a sample capture file somewhere (google drive, dropbox, cloudshark.org)?

(25 Jun '14, 15:17) Kurt Knochner ♦