I can look if asn2wrs could generate at least some useful code for T.128 Legacy mode.
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ronnie sahlberg
> Sent: Wednesday, October 24, 2007 10:09 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] decoding Remote Desktop Protocol
>
> I think RDP is just using T.126 with some extra extensions.
> As far as I recall it is using the old legacy encoding and
> not ASN PER.
>
> I did find some documentation about this a long time ago but never had
> any traces/nor real interest in implementing it.
>
> It should be possible to find the T.126 family as well as the old
> legacy encoding through Google.
> (the old legacy encoding means the dissector has to be written by hand
> since asn2wrs can not be used)
>
>
> On 10/25/07, DePriest, Jason R. <[EMAIL PROTECTED]> wrote:
> > After Tenable announced that they are going to have operating system
> > detection based on Remote Desktop fingerprinting available to Direct
> > Feed customers
> > (http://blog.tenablesecurity.com/2007/10/windows-operati.html),
> > I thought it would be great to figure out how they are doing that.
> >
> > Unfortunately, I can't seem to locate any good technical documentation
> > on how RDP does what it does.
> >
> > I considered looking at the Linux programs that use it (rdesktop) and
> > trying to read their code, but I don't write code myself so it would
> > be hit or miss.
> >
> > RDP is Microsoft's baby and I don't know where to look for in depth
> > docs on it.
> >
> > Does anyone have a link or two to some helpful stuff that would help
> > me break the code? Or will I just need to figure it the hard way?
> >
> > Thanks!
> >
> > -Jason
> >
> > --
> > NOTICE: This email is being sent in clear-text across the public
> > Internet. Therefore, any attempts to include unenforceable legalese
> > restrictions are ridiculous and pointless. If you can read this,
> > consider yourself authorized (whether I like it or not).
> > _______________________________________________
> > Wireshark-dev mailing list
> > [email protected]
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
