This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I happened to be capturing traffic on a Windows XP system while someone from China (113.108.139.62) was attempting to hack in over TCP 3389

https://www.cloudshark.org/captures/3bb89c8bbe61

Can RDP traffic captured in this file be presented as a series of screens that were shown to the client? Is there a fingerprint of the software used on the hacking system?

Thanks

asked 07 Jan '15, 09:49

net_tech's gravatar image

net_tech
116303337
accept rate: 13%


That's not an easy task to do, but you may want to read the following blog post:

http://www.contextis.co.uk/resources/blog/rdp-replay/

permanent link

answered 07 Jan '15, 10:04

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×22

question asked: 07 Jan '15, 09:49

question was seen: 12,095 times

last updated: 07 Jan '15, 10:04

p​o​w​e​r​e​d by O​S​Q​A