This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

RDP session analysis

0

I happened to be capturing traffic on a Windows XP system while someone from China (113.108.139.62) was attempting to hack in over TCP 3389.

https://www.cloudshark.org/captures/3bb89c8bbe61

Can RDP traffic captured in this file be presented as a series of screens that were shown to the client? Is there a fingerprint of the software used on the hacking system?

Thanks

asked 07 Jan '15, 09:49

net_tech


One Answer:

1

That's not an easy task to do, but you may want to read the following blog post:

http://www.contextis.co.uk/resources/blog/rdp-replay/

answered 07 Jan '15, 10:04

Jasper ♦♦