Decrypting RDP Traffic with Message Analyzer

Bryan S. Burgin, Sr. Escalation Engineer/Open Specifications, Microsoft (Oct 28, 2014)

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Introduction: Bryan S. Burgin, Sr. Escalation Engineer
- At Microsoft 14 years
- Ten years supporting the WDK (Windows Driver Kit); focus: networking (NDIS) drivers and general kernel (e.g., USB devices)
- Four+ years supporting Open Specifications/Interoperability; focus: File Sharing (SMBx), Remote Desktop (RDP)
- Team responsible for supporting protocol technical documents (Open Specifications) via Plugfests and Interoperability Lab engagements
Defining the Problem

Viewing unencrypted, uncompressed RDP traffic Windows-to-Windows in both directions is difficult.

Viewing unencrypted traffic:
- Server to Client (any client) is easy: just tweak the registry (MinEncryptionLevel/SecurityLayer)
- Non-Microsoft Client to Server is easy: most third-party RDP clients offer switches to disable client-to-server encryption
- Microsoft Client (MSTSC) to Server is HARD
- Thus: at least half the RDP traffic with MSTSC is always encrypted

Definitions:
- “Server-side” is the target of the RDP connection, the machine being remoted into.
- “Client-side” is the machine running MSTSC.
Today’s Goal

To share a technique to observe Windows-to-Windows RDP traffic using Message Analyzer.
[Mirrors and replaces previous presentations using NmDecrypt and Network Monitor]
Pros and Cons: Netmon v MA (RDP)

Network Monitor/NmDecrypt advantages:
- Available now
- Mature parsers
Network Monitor/NmDecrypt disadvantages:
- Slow: must capture, save, re-load, then decrypt traffic
- No parser development for new protocols
- No future investment (UDP, TLS 1.2…)
Message Analyzer advantages:
- Faster: live decryption/parsing
- Can decrypt multiple TLS conversations concurrently
- Focus of all future investments
Message Analyzer disadvantages:
- Parsers not yet proven
Details: Agenda
- Make and export a certificate
- Server-side preparation
- Client-side preparation
- Installing Message Analyzer
- Capturing and analyzing traffic
- What’s next
Close
- Demo
- References
- Getting help
Make and Export the Certificate…
- Only needs to be done once in a lifetime (or until the certificate expires).
- Can be made on any machine.
- Make a certificate using MAKECERT. Bing “makecert.exe”: available via the Windows Driver Kit, via the SDK, and via other toolkits.
- Export the cert to a Personal Information Exchange (.PFX) file.
- Import/copy the certificate (via PFX) wherever it will be used:
  - On the server-side system
  - On the machine you’re running Network Monitor and NmDecrypt
…Make and Export the Certificate
Enable RDP

Note: Do NOT check Network Level Authentication.
Import Certificate (W7 method)

Import the certificate via Microsoft Management Console (MMC):
- Add the Certificates snap-in for Computer Account
- Go to Personal, Certificates; right-click, All Tasks, and select Import
- Browse to the .PFX file
- “Place all certificates…”, specify “Personal”
Import Certificate (W8/W10 method)
- Double-click the .PFX file
- Import to Local Machine
- To the Personal store
Set Certificate Permissions
- Run MMC, use the Certificates plug-in for Local Computer
- Find the certificate in the local store
- Right-click, All Tasks, Manage Private Keys
- Add NETWORK SERVICE
Get Certificate’s Thumbprint

To use the certificate, RDP needs to know the certificate’s SSL SHA1 HASH (a.k.a. Thumbprint):
- Run MMC, go to Local Machine/Personal Certificates
- Find the certificate, double-click, Details tab, find Thumbprint
- Record this value
- For any given certificate, the HASH is always the same
Identify Certificate to RDP

Identify the certificate’s SHA1 HASH to RDP: enter it as the (Binary) value SSLCertificateSHA1Hash under HKLM\System\CCS\Control\Terminal Server\Winstations\RDP-Tcp (CCS = CurrentControlSet). The RDP server will now use this certificate for encryption.
Set RDP Security (W7 Only)

Windows 7 ONLY; Windows 8 defaults are okay.
Set under HKLM\System\CCS\Control\Terminal Server\Winstations\RDP-Tcp:
- MinEncryptionLevel = 3 (TS_ENCRYPTION_LEVEL_HIGH)
- SecurityLayer = 2 (TS_SECURITY_LAYER_SSL)
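The server-side certificate steps above (import the PFX, Manage Private Keys, record the thumbprint, write SSLCertificateSHA1Hash, and the Windows 7-only security values) as one elevated PowerShell script; this is an added example, not the presenter's own material. It assumes a placeholder PFX path and a MAKECERT-style CAPI RSA key, whose key file lives under ProgramData\Microsoft\Crypto\RSA\MachineKeys.

```powershell
# Added example (not from the presentation). Run from an elevated PowerShell prompt
# on the RDP server. Assumptions: $PfxPath is a placeholder, and the certificate was
# made with MAKECERT, so its private key is a CAPI RSA key in the machine key store.
param(
    [string]$PfxPath = 'C:\lab\rdp-lab.pfx',   # placeholder: the .PFX exported earlier
    [switch]$Windows7                           # also apply the Windows 7-only registry values
)

$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# 1. Import the PFX into Local Machine \ Personal ("My"). MachineKeySet puts the private
#    key in the machine key store, where NETWORK SERVICE can reach it; PersistKeySet keeps it.
$password = Read-Host -Prompt 'PFX password' -AsSecureString
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags] 'MachineKeySet, PersistKeySet'
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $PfxPath, $password, $flags
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'My', 'LocalMachine'
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
$store.Add($cert)
$store.Close()

# 2. "Manage Private Keys": grant NETWORK SERVICE (the account Remote Desktop Services runs
#    as) read access to the key file. Only CAPI keys expose CspKeyContainerInfo; for a CNG
#    key this step still has to be done in MMC.
$csp = $cert.PrivateKey   # RSACryptoServiceProvider for a MAKECERT (CAPI) key, $null for CNG
if ($csp -and $csp.CspKeyContainerInfo) {
    $keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $csp.CspKeyContainerInfo.UniqueKeyContainerName
    $acl  = Get-Acl -Path $keyFile
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList 'NT AUTHORITY\NETWORK SERVICE', 'Read', 'Allow'
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
} else {
    Write-Warning 'Private key is not a CAPI key; grant NETWORK SERVICE read access via MMC > Manage Private Keys.'
}

# 3. Thumbprint -> SSLCertificateSHA1Hash. The Details tab shows 40 hex characters; the
#    registry wants the same 20 raw bytes as REG_BINARY.
$thumbprint = $cert.Thumbprint
$hashBytes  = [byte[]] (0..19 | ForEach-Object { [Convert]::ToByte($thumbprint.Substring(2 * $_, 2), 16) })
Set-ItemProperty -Path $rdpTcp -Name 'SSLCertificateSHA1Hash' -Value $hashBytes -Type Binary

# 4. Windows 7 only (Windows 8 defaults are fine): TLS security layer, high encryption.
if ($Windows7) {
    Set-ItemProperty -Path $rdpTcp -Name 'MinEncryptionLevel' -Value 3 -Type DWord   # TS_ENCRYPTION_LEVEL_HIGH
    Set-ItemProperty -Path $rdpTcp -Name 'SecurityLayer'      -Value 2 -Type DWord   # TS_SECURITY_LAYER_SSL
}

# 5. Read the value back and check that it names the certificate just imported.
$stored    = (Get-ItemProperty -Path $rdpTcp -Name 'SSLCertificateSHA1Hash').SSLCertificateSHA1Hash
$storedHex = -join ($stored | ForEach-Object { $_.ToString('X2') })
if ($storedHex -ne $thumbprint) {
    throw "SSLCertificateSHA1Hash ($storedHex) does not match the certificate thumbprint ($thumbprint)"
}
"RDP-Tcp listener will use $($cert.Subject), thumbprint $thumbprint"
```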
Disable Server→Client Compression

Disable server-side compression (server-to-client packets). Run GPEDIT and find:
  Local Computer Policy » Computer Configuration » Administrative Templates » Windows Components » Remote Desktop Services » Remote Desktop Session Host » Remote Session Environment » Configure compression for RemoteFX data
- Enable the policy
- Set to “Do not use a compression algorithm”
Disable Bandwidth Detection (W8/W10)

RDP8 will send/receive ~3000 frames to detect network conditions (bandwidth: RTT, Kb/sec) at initial connect. Disabling bandwidth detection reduces overhead and yields smaller and faster traces.
Solution: disable network bandwidth detection via GPEdit:
  Local Computer Policy » Computer Configuration » Administrative Templates » Windows Components » Remote Desktop Services » Remote Desktop Session Host » Connections » Select network detection on the server
- Set to “Turn off Connect Time & Continuous NW Detect”
Disable Bulk Client→Server Compression
- Run MSTSC
- Enter the remote system’s address/name
- Press “Show Options”, select “Save As”
- Save the configuration (.RDP file)
- Open the .RDP file (using Notepad) and set compression to zero: compression:i:0
(Optional) Set Specific Compression

If you want the client to use a specific compression algorithm, set HKLM\Software\Microsoft\Terminal Server Client\MaxRdpCompressionLevel:
- 0 = “RDP 4” (8K)
- 1 = “RDP 5” (64K)
- 2 = “RDP 6” (64K NCRUSH)
- 3 = “RDP 6.1” (XCRUSH)
- 4 = “RDP 8” (RDP8)
This sets the [MS-RDPBCGR] ClientInfoPDU flag CompressionTypeMask.
TLS 1.2 Okay

NetMon’s NmDecrypt expert did NOT support TLS 1.2. This required the client side to disable TLS 1.2 (fall back to 1.1/1.0). Message Analyzer's decryption tool supports TLS 1.2.
Cipher Suites: Elliptic Curves

Windows 10 uses elliptic curve cipher suites by default: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA {0xc0, 0x14} (in the list of client-supported suites in the TLS handshake). Neither NetMon/NmDecrypt nor Message Analyzer handles these: with an ephemeral (ECDHE) key exchange the session keys cannot be recovered from the server’s RSA private key, which is what both tools decrypt with.
Edit, via GPEDIT, Computer Configuration, Administrative Templates, Network, SSL Configuration Settings, “SSL Cipher Suite Order” to list only a known-supported suite. I use “TLS_RSA_WITH_AES_128_CBC_SHA”.
Disable Extended Master Secret (RFC 7627)

Windows added the “Extended Master Secret” extension (RFC 7627) to the TLS Client Hello. MA fails to decrypt if it encounters it; it shows up as “unknown extension type” 0x0017.
To disable, set HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel: DisableClientExtendedMasterSecret (DWORD) = 1
Disable UDP (W8/W10 Only)

RDP 8 uses both TCP and UDP. Message Analyzer does not decrypt UDP/DTLS frames (yet).
Solution: disable UDP; force TCP only. Run REGEDIT and create HKLM\Software\Microsoft\Terminal Server Client\DisableUDPTransport (DWORD) = 1
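The client-side steps above (compression:i:0 in the .RDP file, the optional MaxRdpCompressionLevel, a single RSA cipher suite, no Extended Master Secret, no UDP transport) as one elevated PowerShell script for the MSTSC machine; an added example, not the presenter's own material. It assumes a placeholder .RDP path, and writes the cipher-suite order to the registry value that the GPEDIT “SSL Cipher Suite Order” policy maps to (HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002, value Functions).

```powershell
# Added example (not from the presentation). Run elevated on the MSTSC client.
# These settings weaken TLS for every SChannel client on this machine (no forward
# secrecy, no Extended Master Secret), so apply them to a lab client only.
param(
    [string]$RdpFile = 'C:\lab\server.rdp',                  # placeholder: file saved via MSTSC "Save As"
    [string]$CipherSuite = 'TLS_RSA_WITH_AES_128_CBC_SHA',    # the suite the presenter uses
    [int]$MaxRdpCompressionLevel = -1                          # -1 = leave the optional setting alone; 0..4 as on the slide
)

# Replace (or append) one "name:type:value" line in an .RDP file. MSTSC saves the file
# as UTF-16 LE, so it is written back with the same encoding.
function Set-RdpFileSetting {
    param([string]$Path, [string]$Name, [string]$Type, [string]$Value)
    $key   = "${Name}:${Type}:"
    $lines = New-Object System.Collections.Generic.List[string]
    $found = $false
    foreach ($line in @(Get-Content -Path $Path)) {
        if ($line.StartsWith($key, [System.StringComparison]::OrdinalIgnoreCase)) {
            $lines.Add("$key$Value")
            $found = $true
        } else {
            $lines.Add($line)
        }
    }
    if (-not $found) { $lines.Add("$key$Value") }
    Set-Content -Path $Path -Value $lines -Encoding Unicode
}

# 1. Bulk client->server compression off.
Set-RdpFileSetting -Path $RdpFile -Name 'compression' -Type 'i' -Value '0'

# 2. Terminal Server Client keys: optional specific compression level, and TCP only
#    (Message Analyzer does not decrypt the UDP/DTLS transport).
$tsc = 'HKLM:\SOFTWARE\Microsoft\Terminal Server Client'
if (-not (Test-Path $tsc)) { New-Item -Path $tsc -Force | Out-Null }
if ($MaxRdpCompressionLevel -ge 0) {
    Set-ItemProperty -Path $tsc -Name 'MaxRdpCompressionLevel' -Value $MaxRdpCompressionLevel -Type DWord
}
Set-ItemProperty -Path $tsc -Name 'DisableUDPTransport' -Value 1 -Type DWord

# 3. SChannel: drop the Extended Master Secret extension (0x0017) from the Client Hello.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SChannel'
Set-ItemProperty -Path $schannel -Name 'DisableClientExtendedMasterSecret' -Value 1 -Type DWord

# 4. Cipher suite order policy: offer only the RSA key-exchange suite, so the server's
#    private key can recover the session keys (ECDHE suites cannot be decrypted this way).
$sslPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
if (-not (Test-Path $sslPolicy)) { New-Item -Path $sslPolicy -Force | Out-Null }
Set-ItemProperty -Path $sslPolicy -Name 'Functions' -Value $CipherSuite -Type String

# 5. Show what is now configured. The cipher suite order policy is read at boot, so
#    reboot the client before capturing.
[pscustomobject]@{
    RdpCompressionLine  = (Get-Content -Path $RdpFile | Where-Object { $_ -like 'compression:i:*' })
    DisableUDPTransport = (Get-ItemProperty -Path $tsc).DisableUDPTransport
    DisableClientEMS    = (Get-ItemProperty -Path $schannel).DisableClientExtendedMasterSecret
    CipherSuiteOrder    = (Get-ItemProperty -Path $sslPolicy).Functions
}
```

To return the client to its normal TLS behaviour afterwards, remove the four registry values with Remove-ItemProperty and reboot.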
Message Analyzer Install Points

Message Analyzer may be installed on:
- The RDP server (remote computer)
- The RDP client (if Windows)
- The Hyper-V system hosting the server and/or client
- Another system, via Remote Capture
The certificate (.PFX file) must reside on the MA system.
Install Message Analyzer
- Find it on the App screen, pin to Start/Taskbar
- Installation on a VM? Use two CPUs
Using Message Analyzer for RDP
- Find the application, right-click, run as Administrator (Administrator rights enable packet capture)
- Before capturing/viewing: specify certificates (you can supply credentials for multiple certificates)
- Capture/Trace: Local Network Interfaces (Win 8.1 and later). Click File, Quick Trace, select Local Network Interfaces (Win 8.1 and later), press Start. Different selections for Windows 8 v 8.1 / Server 2012 v 2012 R2
- Capturing begins. Be sure to start the capture BEFORE the RDP connection; MA must see the TLS handshake
- Begin the Remote Desktop session
- Right-click, select Run as Administrator
- Always set Decryption Options first
- Add Cert, check box, enter password
- Start trace: File, Quick Trace, Local Net
- Capturing begins: decryption in real time
- From the client, start RDP (using the .RDP link)
Analyze RDP Traffic
41
Analyze RDP Traffic Filter: RDPEUSB Hide Operations Frame Layers
Warning/ Error Message Stack and Details
Saving: Save as .matp
What’s Next?
- Work on improving the parsers: the OPN parsers have never been exercised until now with decrypted traffic
- Add support to decrypt DTLS and RDP over UDP traffic: RDP over UDP (using [MS-RDPEUDP] and [MS-RDPEMT]) has unique challenges
46
(Demo here)
Resources… www.microsoft.com/protocols
Microsoft Open Specifications
Link to Documentation Library (specifications)
Link to Open Specifications Forums: raising protocol specification questions, ONLY for protocol questions, not product support
Open Specifications Team Blog
Channel9.MSDN.com: contains recordings for most Plugfest presentations
…Resources
How to get Message Analyzer: download via Connect
How to get Help on Specifications
1:1, private
  Monitored by support 24x7
  Issues acknowledged within 24 hours
Post to a Microsoft Open Specifications Forum: 1:many, public
  Community of industry implementers
  Moderated by Microsoft
  Issues become support cases for tracking
Open Specifications Support is free
Help us help you: Asking good questions
Clear problem description
Document short name (e.g. [MS-RDPEUSB])
Section (e.g. Add Virtual Channel)
Doc version (e.g. v )
Impact to your project (Blocking? Just feedback?)
Multiple issues: provide priorities
Include sample files, traces, notes
Out-of-Scope Questions
Problems NOT related to the Open Specifications documentation:
  Product questions (non-Open Specifications related)
  Deployment questions
  Implementation choices (how do I implement a feature)
  These will be redirected toward traditional support channels
Legal questions (redirected to: )
Licensing questions (redirected to: )
If in doubt, ask.
How to get Help on Message Analyzer
Blog:
Operating Guide
TechNet Forum:
Message Analyzer is NOT supported via Dochelp
Q&A dochelp@microsoft.com http://www.microsoft.com/protocols