This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I am looking at a packet capture from a Win 7 PC connecting to a Windows 2K8R2 server using RDP. Will the frame details show me the security levels that are negotiated. The host is set to use the High encryption level. Thanks for your help.

asked 25 Jun '14, 12:05

kevind5's gravatar image

kevind5
11112
accept rate: 0%


Please apply the following display filter:

rdp.encryptionMethod

Then look at the 'Info' column of the frame. It will show the negotiated encryption method.

Alternatively, open the RDP protocol in that frame and take a look at the 'serverSecurityData' fields.

You can try it with the following sample capture file and compare it with your file.

http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=RDP-002.pcap.gz

Regards
Kurt

permanent link

answered 25 Jun '14, 14:13

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thanks much Kurt - if im connecting to a host and my capture doesn't show this frame - what am i missing. the host is configured to use high security settings.

(25 Jun '14, 14:28) kevind5

what am i missing.

I don't know. Is it possible to post a sample capture file somewhere (google drive, dropbox, cloudshark.org)?

(25 Jun '14, 15:17) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×36
×22

question asked: 25 Jun '14, 12:05

question was seen: 3,150 times

last updated: 25 Jun '14, 15:17

p​o​w​e​r​e​d by O​S​Q​A