
4.6 Annotated Enhanced Security Server Redirection PDU

The following is an annotated dump of an Enhanced Security Server Redirection PDU (section 2.2.13.3.1) that was sent from a Microsoft RDP 5.1 server to a Microsoft RDP 5.1 client.

00000000 03 00 02 1c 02 f0 80 68 00 01 03 eb 70 82 0d 0d .......h....p...
00000010 02 0a 00 ea 03 5f 59 00 04 04 02 02 00 00 00 1d ....._Y.........
00000020 0b 00 00 46 00 00 00 32 00 30 00 30 00 31 00 3a ...F...2.0.0.1.:
00000030 00 34 00 38 00 39 00 38 00 3a 00 32 00 62 00 3a .4.8.9.8.:.2.b.:
00000040 00 32 00 3a 00 39 00 64 00 65 00 37 00 3a 00 34 .2.:.9.d.e.7.:.4
00000050 00 35 00 36 00 39 00 3a 00 66 00 62 00 33 00 39 .5.6.9.:.f.b.3.9
00000060 00 3a 00 65 00 66 00 32 00 39 00 00 00 1c 00 00 .:.e.f.2.9......
00000070 00 61 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 .a.d.m.i.n.i.s.t
00000080 00 72 00 61 00 74 00 6f 00 72 00 00 00 16 00 00 .r.a.t.o.r......
00000090 00 54 00 53 00 2d 00 53 00 54 00 52 00 45 00 53 .T.S.-.S.T.R.E.S
000000a0 00 53 00 31 00 00 00 78 00 00 00 02 00 00 80 44 .S.1...x.......D
000000b0 53 48 4c 02 10 f3 e3 bf b1 37 95 28 80 b7 56 f3 SHL......7.(..V.
000000c0 7c 27 4a 43 cc 50 98 59 05 b5 6b 50 97 62 f8 cf |'JC.P.Y..kP.b..
000000d0 c0 1b 6a 06 16 db b9 b1 ba 21 01 f4 ea 82 dc 37 ..j......!.....7
000000e0 17 65 7d be 58 ec 34 e9 33 07 12 c1 76 8d f5 bc .e}.X.4.3...v...
000000f0 a2 9f 2c ef 32 a7 a4 80 a9 05 f7 02 94 96 8d 95 ..,.2...........
00000100 b8 2c db 55 4a 78 08 eb 87 10 c7 8b a9 0a e6 44 .,.UJx.........D
00000110 ab ec 6b ee 42 bb 32 e7 b0 ef 3c ae 45 73 a6 69 ..k.B.2...<.Es.i
00000120 69 00 00 5a 00 00 00 6a 00 69 00 61 00 7a 00 6f i..Z...j.i.a.z.o
00000130 00 75 00 2d 00 74 00 65 00 73 00 74 00 32 00 2e .u.-.t.e.s.t.2..
00000140 00 74 00 73 00 2d 00 73 00 74 00 72 00 65 00 73 .t.s.-.s.t.r.e.s
00000150 00 73 00 31 00 2e 00 6e 00 74 00 74 00 65 00 73 .s.1...n.t.t.e.s
00000160 00 74 00 2e 00 6d 00 69 00 63 00 72 00 6f 00 73 .t...m.i.c.r.o.s
00000170 00 6f 00 66 00 74 00 2e 00 63 00 6f 00 6d 00 00 .o.f.t...c.o.m..
00000180 00 1a 00 00 00 4a 00 49 00 41 00 5a 00 4f 00 55 .....J.I.A.Z.O.U
00000190 00 2d 00 54 00 45 00 53 00 54 00 32 00 00 00 70 .-.T.E.S.T.2...p
000001a0 00 00 00 02 00 00 00 46 00 00 00 32 00 30 00 30 .......F...2.0.0
000001b0 00 31 00 3a 00 34 00 38 00 39 00 38 00 3a 00 32 .1.:.4.8.9.8.:.2
000001c0 00 62 00 3a 00 32 00 3a 00 39 00 64 00 65 00 37 .b.:.2.:.9.d.e.7
000001d0 00 3a 00 34 00 35 00 36 00 39 00 3a 00 66 00 62 .:.4.5.6.9.:.f.b
000001e0 00 33 00 39 00 3a 00 65 00 66 00 32 00 39 00 00 .3.9.:.e.f.2.9..
000001f0 00 1e 00 00 00 31 00 35 00 37 00 2e 00 35 00 39 .....1.5.7...5.9
00000200 00 2e 00 32 00 34 00 30 00 2e 00 31 00 34 00 34 ...2.4.0...1.4.4
00000210 00 00 00 c0 c0 c0 c0 c0 c0 c0 c0 00             ............

03 00 02 1c -> TPKT Header (length = 540 bytes)
02 f0 80 -> X.224 Data TPDU

68 00 01 03 eb 70 82 0d -> PER encoded (ALIGNED variant of BASIC-PER) SendDataIndication
initiator = 1002 (0x03ea)
channelId = 1003 (0x03eb)
dataPriority = high
segmentation = begin | end
userData length = 0x20d = 525 bytes

0d 02 -> TS_SHARECONTROLHEADER::totalLength = 0x020d = 525 bytes
0a 00 -> TS_SHARECONTROLHEADER::pduType = 0x000a = PDUTYPE_SERVER_REDIR_PKT (10)
ea 03 -> TS_SHARECONTROLHEADER::pduSource = 0x03ea (1002)

5f 59 -> TS_ENHANCED_SECURITY_SERVER_REDIRECTION::pad2Octets (padding; the value is ignored)

00 04 -> RDP_SERVER_REDIRECTION_PACKET::Flags = 0x0400 = SEC_REDIRECTION_PKT
04 02 -> RDP_SERVER_REDIRECTION_PACKET::Length = 0x204 = 516 bytes
02 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::SessionID = 2

1d 0b 00 00 -> RDP_SERVER_REDIRECTION_PACKET::RedirFlags = 0x00000b1d
0x00000b1d
= 0x00000800 |
  0x00000200 | 
  0x00000100 | 
  0x00000010 | 
  0x00000008 | 
  0x00000004 | 
  0x00000001
= LB_TARGET_NET_ADDRESSES |
  LB_TARGET_NETBIOS_NAME | 
  LB_TARGET_FQDN |
  LB_PASSWORD |
  LB_DOMAIN |
  LB_USERNAME |    
  LB_TARGET_NET_ADDRESS

46 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetAddressLength = 0x46 = 70 bytes

32 00 30 00 30 00 31 00 3a 00 34 00 38 00 39 00
38 00 3a 00 32 00 62 00 3a 00 32 00 3a 00 39 00
64 00 65 00 37 00 3a 00 34 00 35 00 36 00 39 00
3a 00 66 00 62 00 33 00 39 00 3a 00 65 00 66 00
32 00 39 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetAddress = "2001:4898:2b:2:9de7:4569:fb39:ef29"

1c 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::UserNameLength = 0x1c = 28 bytes

61 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 00 
72 00 61 00 74 00 6f 00 72 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::UserName = "administrator"

16 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::DomainLength = 0x16 = 22 bytes

54 00 53 00 2d 00 53 00 54 00 52 00 45 00 53 00 
53 00 31 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::Domain = "TS-STRESS1"

78 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::PasswordLength = 0x78 = 120 bytes

02 00 00 80 44 53 48 4c 02 10 f3 e3 bf b1 37 95 
28 80 b7 56 f3 7c 27 4a 43 cc 50 98 59 05 b5 6b 
50 97 62 f8 cf c0 1b 6a 06 16 db b9 b1 ba 21 01 
f4 ea 82 dc 37 17 65 7d be 58 ec 34 e9 33 07 12 
c1 76 8d f5 bc a2 9f 2c ef 32 a7 a4 80 a9 05 f7 
02 94 96 8d 95 b8 2c db 55 4a 78 08 eb 87 10 c7 
8b a9 0a e6 44 ab ec 6b ee 42 bb 32 e7 b0 ef 3c 
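ae 45 73 a6 69 69 00 00 -> RDP_SERVER_REDIRECTION_PACKET::Password
(120 bytes of binary data rather than readable Unicode text like the UserName and Domain fields; this annotation does not decode it further. Because the PDU carries this value together with the user name and domain for the target server, packet captures that contain it are credential-bearing.)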

5a 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetFQDNLength = 0x5a = 90 bytes

6a 00 69 00 61 00 7a 00 6f 00 75 00 2d 00 74 00
65 00 73 00 74 00 32 00 2e 00 74 00 73 00 2d 00
73 00 74 00 72 00 65 00 73 00 73 00 31 00 2e 00
6e 00 74 00 74 00 65 00 73 00 74 00 2e 00 6d 00
69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00
2e 00 63 00 6f 00 6d 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetFQDN = "jiazou-test2.ts-stress1.nttest.microsoft.com"

1a 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetBiosNameLength = 0x1a = 26 bytes

4a 00 49 00 41 00 5a 00 4f 00 55 00 2d 00 54 00 
45 00 53 00 54 00 32 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetBiosName = "JIAZOU-TEST2"

70 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetAddressesLength = 0x70 = 112 bytes

02 00 00 00 -> TARGET_NET_ADDRESSES::addressCount = 2 

46 00 00 00 -> TARGET_NET_ADDRESS::addressLength = 70 bytes

32 00 30 00 30 00 31 00 3a 00 34 00 38 00 39 00 
38 00 3a 00 32 00 62 00 3a 00 32 00 3a 00 39 00 
64 00 65 00 37 00 3a 00 34 00 35 00 36 00 39 00 
3a 00 66 00 62 00 33 00 39 00 3a 00 65 00 66 00 
32 00 39 00 00 00 -> TARGET_NET_ADDRESS::address = "2001:4898:2b:2:9de7:4569:fb39:ef29"

1e 00 00 00 -> TARGET_NET_ADDRESS::addressLength = 30 bytes

31 00 35 00 37 00 2e 00 35 00 39 00 2e 00 32 00 
34 00 30 00 2e 00 31 00 34 00 34 00 00 00 -> TARGET_NET_ADDRESS::address = "157.59.240.144"

c0 c0 c0 c0 c0 c0 c0 c0 -> RDP_SERVER_REDIRECTION_PACKET::Pad (padding; the values are ignored)

00 -> TS_ENHANCED_SECURITY_SERVER_REDIRECTION::pad1Octet
 