Wireshark-dev: [Wireshark-dev] decoding Remote Desktop Protocol
From: "DePriest, Jason R." <[email protected]>
Date: Wed, 24 Oct 2007 11:39:15 -0500
After Tenable announced that they are going to have operating system
detection based on Remote Desktop fingerprinting available to Direct
Feed customers (http://blog.tenablesecurity.com/2007/10/windows-operati.html),
I thought it would be great to figure out how they are doing that.

Unfortunately, I can't seem to locate any good technical documentation
on how RDP does what it does.

I considered looking at the Linux programs that use it (rdesktop) and
trying to read their code, but I don't write code myself so it would
be hit or miss.

RDP is Microsoft's baby and I don't know where to look for in-depth docs on it.

Does anyone have a link or two to some helpful stuff that would help
me break the code?  Or will I just need to figure it out the hard way?
NOTICE:  This email is being sent in clear-text across the public
Internet.  Therefore, any attempts to include unenforceable legalese
restrictions are ridiculous and pointless.  If you can read this,
consider yourself authorized (whether I like it or not).