RDP Direct Connection with NLA RDS Session Host Network Trace
Summary:
This article contains network traces from server machine for the Remote Desktop Protocol connection sequence for a direct connection (not through an RDS Gateway) from client machine. See parent articles [[articles:Remote Desktop Services RDS Logon Connectivity Overview]] and [[articles:RDP Direct Connection Process with NLA Enabled]] for additional information.
RDS Server relevant network traces (Ephemeral traffic excluded)
Client connects to RDS server TCP / UDP 3389
Time Of Day |
TCP Frame Flags |
Source |
Source Port |
Destination |
Destination Port |
Protocol |
Description |
21:20:33.221 |
|
RDS Server |
56207 (0xDB8F) |
AD Server |
53 (0x35) |
DNS |
DNS:QueryId = 0x389B, QUERY (Standard query), Query for isatap.rds-ms.b2.internal.cloudapp.net of type Host Addr on class Internet |
21:20:33.228 |
|
AD Server |
53 (0x35) |
RDS Server |
56207 (0xDB8F) |
DNS |
DNS:QueryId = 0x389B, QUERY (Standard query), Response - Name Error |
21:20:33.706 |
Connected |
RDS Server |
50049 (0xC381) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50049, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=168657069, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:20:44.986 |
Disconnected |
RDS Server |
50049 (0xC381) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50049, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=168661087, Ack=225417990, Win=0 (scale factor 0x8) = 0 |
21:21:05.595 |
Connected |
RDS Client |
49964 (0xC32C) |
RDS Server |
3389 (0xD3D) |
TCP |
TCP:Flags=CE....S., SrcPort=49964, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=2744352433, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:05.603 |
Connected |
RDS Client |
49964 (0xC32C) |
RDS Server |
3389 (0xD3D) |
X224 |
X224:Connection Request |
21:21:05.608 |
Connected |
RDS Server |
3389 (0xD3D) |
RDS Client |
49964 (0xC32C) |
X224 |
X224:Connection Confirm |
21:21:11.849 |
|
RDS Client |
56532 (0xDCD4) |
RDS Server |
3389 (0xD3D) |
UDP |
UDP:SrcPort = 56532, DstPort = MS WBT Server(3389), Length = 1240 |
21:21:11.849 |
|
RDS Server |
3389 (0xD3D) |
RDS Client |
56532 (0xDCD4) |
UDP |
UDP:SrcPort = MS WBT Server(3389), DstPort = 56532, Length = 1240 |
21:21:11.849 |
|
RDS Client |
56533 (0xDCD5) |
RDS Server |
3389 (0xD3D) |
UDP |
UDP:SrcPort = 56533, DstPort = MS WBT Server(3389), Length = 1240 |
21:21:11.849 |
|
RDS Server |
3389 (0xD3D) |
RDS Client |
56533 (0xDCD5) |
UDP |
UDP:SrcPort = MS WBT Server(3389), DstPort = 56533, Length = 1240 |
RDS server queries AD using LDAP 389 for user authentication
Time Of Day |
TCP Frame Flags |
Source |
Source Port |
Destination |
Destination Port |
Protocol |
Description |
21:21:11.833 |
Connected |
RDS Server |
50053 (0xC385) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50053, DstPort=LDAP(389), PayloadLen=0, Seq=2169720513, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:11.851 |
FinWait1 |
RDS Server |
50053 (0xC385) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50053, DstPort=LDAP(389), PayloadLen=0, Seq=2169722726, Ack=4020713640, Win=4121 (scale factor 0x8) = 1054976 |
21:21:11.853 |
Connected |
RDS Server |
50054 (0xC386) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50054, DstPort=LDAP(389), PayloadLen=0, Seq=2209074247, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:11.909 |
Connected |
RDS Server |
50055 (0xC387) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50055, DstPort=LDAP(389), PayloadLen=0, Seq=2954111449, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:11.940 |
FinWait1 |
RDS Server |
50055 (0xC387) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50055, DstPort=LDAP(389), PayloadLen=0, Seq=2954113704, Ack=4031538628, Win=4121 (scale factor 0x8) = 1054976 |
21:21:11.942 |
FinWait1 |
RDS Server |
50054 (0xC386) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50054, DstPort=LDAP(389), PayloadLen=0, Seq=2209076479, Ack=3154907558, Win=4119 (scale factor 0x8) = 1054464 |
RDS server connects to license server over RPC 135
Time Of Day |
TCP Frame Flags |
Source |
Source Port |
Destination |
Destination Port |
Protocol |
Description |
21:21:11.978 |
Connected |
RDS Server |
50056 (0xC388) |
RDS License Server |
135 (0x87) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50056, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=45240749, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
RDS server gets Kerberos ticket for user and logs user on
Time Of Day |
TCP Frame Flags |
Source |
Source Port |
Destination |
Destination Port |
Protocol |
Description |
21:21:11.994 |
Connected |
RDS Server |
50058 (0xC38A) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50058, DstPort=Kerberos(88), PayloadLen=0, Seq=4063576601, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:11.998 |
FinWait1 |
RDS Server |
50058 (0xC38A) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50058, DstPort=Kerberos(88), PayloadLen=0, Seq=4063576832, Ack=717409612, Win=4120 (scale factor 0x8) = 1054720 |
21:21:12.030 |
Connected |
RDS Server |
50059 (0xC38B) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50059, DstPort=Kerberos(88), PayloadLen=0, Seq=3245959136, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:12.037 |
FinWait1 |
RDS Server |
50059 (0xC38B) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50059, DstPort=Kerberos(88), PayloadLen=0, Seq=3245959447, Ack=3458572932, Win=4121 (scale factor 0x8) = 1054976 |
21:21:12.037 |
Connected |
RDS Server |
50060 (0xC38C) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50060, DstPort=Kerberos(88), PayloadLen=0, Seq=2590877076, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:12.041 |
FinWait1 |
RDS Server |
50060 (0xC38C) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50060, DstPort=Kerberos(88), PayloadLen=0, Seq=2590878618, Ack=700072795, Win=4121 (scale factor 0x8) = 1054976 |
21:21:12.409 |
|
RDS Server |
63203 (0xF6E3) |
AD Server |
53 (0x35) |
DNS |
DNS:QueryId = 0xEF5E, QUERY (Standard query), Query for 4.0.0.10.in-addr.arpa of type PTR on class Internet |
21:21:12.417 |
|
AD Server |
53 (0x35) |
RDS Server |
63203 (0xF6E3) |
DNS |
DNS:QueryId = 0xEF5E, QUERY (Standard query), Response - Name Error |
21:21:13.633 |
|
RDS Server |
49351 (0xC0C7) |
AD Server |
53 (0x35) |
DNS |
DNS:QueryId = 0xB8A4, QUERY (Standard query), Query for (...).ip6.arpa of type PTR on class Internet |
21:21:13.636 |
|
AD Server |
53 (0x35) |
RDS Server |
49351 (0xC0C7) |
DNS |
DNS:QueryId = 0xB8A4, QUERY (Standard query), Response - Name Error |
21:21:14.234 |
Connected |
RDS Server |
50061 (0xC38D) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50061, DstPort=Kerberos(88), PayloadLen=0, Seq=3723032653, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.236 |
FinWait1 |
RDS Server |
50061 (0xC38D) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50061, DstPort=Kerberos(88), PayloadLen=0, Seq=3723032878, Ack=2921060790, Win=4120 (scale factor 0x8) = 1054720 |
21:21:14.254 |
Connected |
RDS Server |
50062 (0xC38E) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50062, DstPort=Kerberos(88), PayloadLen=0, Seq=2394757362, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.263 |
FinWait1 |
RDS Server |
50062 (0xC38E) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50062, DstPort=Kerberos(88), PayloadLen=0, Seq=2394757667, Ack=359280590, Win=4121 (scale factor 0x8) = 1054976 |
21:21:14.263 |
Connected |
RDS Server |
50063 (0xC38F) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50063, DstPort=Kerberos(88), PayloadLen=0, Seq=541750701, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.266 |
FinWait1 |
RDS Server |
50063 (0xC38F) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50063, DstPort=Kerberos(88), PayloadLen=0, Seq=541752076, Ack=1163190864, Win=4115 (scale factor 0x8) = 1053440 |
21:21:14.388 |
Connected |
RDS Server |
50064 (0xC390) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50064, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3190045546, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.467 |
Connected |
RDS Server |
50065 (0xC391) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50065, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=1148878525, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.467 |
Connected |
RDS Server |
50066 (0xC392) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50066, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=996682467, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.468 |
Connected |
RDS Server |
50067 (0xC393) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50067, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3681154319, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.851 |
Connected |
RDS Server |
50068 (0xC394) |
AD Server |
135 (0x87) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50068, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=2483819665, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.861 |
Connected |
RDS Server |
50070 (0xC396) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50070, DstPort=Kerberos(88), PayloadLen=0, Seq=3306116795, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.864 |
FinWait1 |
RDS Server |
50070 (0xC396) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50070, DstPort=Kerberos(88), PayloadLen=0, Seq=3306118338, Ack=2754153111, Win=4121 (scale factor 0x8) = 1054976 |
21:21:14.890 |
Connected |
RDS Server |
50072 (0xC398) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50072, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3070954321, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.899 |
Connected |
RDS Server |
50073 (0xC399) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50073, DstPort=Kerberos(88), PayloadLen=0, Seq=1079617107, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.906 |
FinWait1 |
RDS Server |
50073 (0xC399) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50073, DstPort=Kerberos(88), PayloadLen=0, Seq=1079618638, Ack=3889589683, Win=4121 (scale factor 0x8) = 1054976 |
21:21:14.907 |
Connected |
RDS Server |
50074 (0xC39A) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50074, DstPort=Kerberos(88), PayloadLen=0, Seq=2358320909, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:14.908 |
FinWait1 |
RDS Server |
50074 (0xC39A) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50074, DstPort=Kerberos(88), PayloadLen=0, Seq=2358322240, Ack=1168370518, Win=4115 (scale factor 0x8) = 1053440 |
21:21:20.718 |
Connected |
RDS Server |
50075 (0xC39B) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50075, DstPort=Kerberos(88), PayloadLen=0, Seq=2650571429, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:20.722 |
FinWait1 |
RDS Server |
50075 (0xC39B) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50075, DstPort=Kerberos(88), PayloadLen=0, Seq=2650572972, Ack=810395757, Win=4121 (scale factor 0x8) = 1054976 |
21:21:21.264 |
Connected |
RDS Server |
50076 (0xC39C) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50076, DstPort=LDAP(389), PayloadLen=0, Seq=1947778519, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:21.285 |
Connected |
RDS Server |
50077 (0xC39D) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50077, DstPort=Kerberos(88), PayloadLen=0, Seq=2190197474, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:21.288 |
FinWait1 |
RDS Server |
50077 (0xC39D) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50077, DstPort=Kerberos(88), PayloadLen=0, Seq=2190199005, Ack=1972753748, Win=515 (scale factor 0x8) = 131840 |
21:21:21.428 |
Connected |
RDS Server |
50078 (0xC39E) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50078, DstPort=LDAP(389), PayloadLen=0, Seq=2801560355, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:21.779 |
FinWait1 |
RDS Server |
50078 (0xC39E) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50078, DstPort=LDAP(389), PayloadLen=0, Seq=2801562387, Ack=4095388054, Win=4119 (scale factor 0x8) = 1054464 |
21:21:21.993 |
FinWait1 |
RDS Server |
50076 (0xC39C) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50076, DstPort=LDAP(389), PayloadLen=0, Seq=1947781383, Ack=1295454375, Win=4117 (scale factor 0x8) = 1053952 |
21:21:25.542 |
FinWait1 |
RDS Server |
50068 (0xC394) |
AD Server |
135 (0x87) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50068, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=2483820162, Ack=149338963, Win=4118 (scale factor 0x8) = 1054208 |
21:21:35.988 |
Disconnected |
RDS Server |
50064 (0xC390) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50064, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3190070501, Ack=2444569668, Win=0 (scale factor 0x8) = 0 |
21:21:35.988 |
Disconnected |
RDS Server |
50065 (0xC391) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50065, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=1148889788, Ack=3152697640, Win=0 (scale factor 0x8) = 0 |
21:21:35.988 |
Disconnected |
RDS Server |
50066 (0xC392) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50066, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=996701157, Ack=2677283270, Win=0 (scale factor 0x8) = 0 |
21:21:35.988 |
Disconnected |
RDS Server |
50067 (0xC393) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50067, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3681165495, Ack=2266817574, Win=0 (scale factor 0x8) = 0 |
21:21:44.307 |
|
RDS Server |
49929 (0xC309) |
AD Server |
53 (0x35) |
DNS |
DNS:QueryId = 0xC6D9, QUERY (Standard query), Query for _ldap._tcp.Default-First-Site-Name._sites.rds-dc-1.rds-ms.lab of type SRV on class Internet |
21:21:44.308 |
|
AD Server |
53 (0x35) |
RDS Server |
49929 (0xC309) |
DNS |
DNS:QueryId = 0xC6D9, QUERY (Standard query), Response - Name Error |
21:21:47.188 |
|
RDS Server |
61272 (0xEF58) |
AD Server |
53 (0x35) |
DNS |
DNS:QueryId = 0xD50, QUERY (Standard query), Query for _ldap._tcp.rds-dc-1.rds-ms.lab of type SRV on class Internet |
21:21:47.190 |
|
AD Server |
53 (0x35) |
RDS Server |
61272 (0xEF58) |
DNS |
DNS:QueryId = 0xD50, QUERY (Standard query), Response - Name Error |
21:21:50.381 |
Connected |
RDS Server |
50079 (0xC39F) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50079, DstPort=LDAP(389), PayloadLen=0, Seq=4278336738, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:21:50.413 |
FinWait1 |
RDS Server |
50079 (0xC39F) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50079, DstPort=LDAP(389), PayloadLen=0, Seq=4278338903, Ack=477717676, Win=513 (scale factor 0x8) = 131328 |
21:21:52.813 |
|
RDS Server |
55841 (0xDA21) |
AD Server |
53 (0x35) |
DNS |
DNS:QueryId = 0xC87F, QUERY (Standard query), Query for 6.0.0.10.in-addr.arpa of type PTR on class Internet |
21:21:52.814 |
|
AD Server |
53 (0x35) |
RDS Server |
55841 (0xDA21) |
DNS |
DNS:QueryId = 0xC87F, QUERY (Standard query), Response - Name Error |
Client disconnects from RDS server
Time Of Day |
TCP Frame Flags |
Source |
Source Port |
Destination |
Destination Port |
Protocol |
Description |
21:22:15.189 |
Disconnected |
RDS Client |
49964 (0xC32C) |
RDS Server |
3389 (0xD3D) |
TCP |
TCP:Flags=...A.R.., SrcPort=49964, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=2744392872, Ack=823247208, Win=0 |
Client reconnects to RDS Server
Time Of Day |
TCP Frame Flags |
Source |
Source Port |
Destination |
Destination Port |
Protocol |
Description |
21:23:05.797 |
Connected |
RDS Client |
49972 (0xC334) |
RDS Server |
3389 (0xD3D) |
TCP |
TCP:Flags=CE....S., SrcPort=49972, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=1621480644, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:05.799 |
Connected |
RDS Client |
49972 (0xC334) |
RDS Server |
3389 (0xD3D) |
X224 |
X224:Connection Request |
21:23:05.810 |
Connected |
RDS Server |
3389 (0xD3D) |
RDS Client |
49972 (0xC334) |
X224 |
X224:Connection Confirm |
21:23:12.027 |
|
RDS Client |
51187 (0xC7F3) |
RDS Server |
3389 (0xD3D) |
UDP |
UDP:SrcPort = 51187, DstPort = MS WBT Server(3389), Length = 1240 |
21:23:12.032 |
|
RDS Client |
51188 (0xC7F4) |
RDS Server |
3389 (0xD3D) |
UDP |
UDP:SrcPort = 51188, DstPort = MS WBT Server(3389), Length = 1240 |
21:23:12.033 |
|
RDS Server |
3389 (0xD3D) |
RDS Client |
51187 (0xC7F3) |
UDP |
UDP:SrcPort = MS WBT Server(3389), DstPort = 51187, Length = 1240 |
21:23:12.033 |
|
RDS Server |
3389 (0xD3D) |
RDS Client |
51188 (0xC7F4) |
UDP |
UDP:SrcPort = MS WBT Server(3389), DstPort = 51188, Length = 1240 |
RDS server queries AD using LDAP 389 for user authentication
Time Of Day |
TCP Frame Flags |
Source |
Source Port |
Destination |
Destination Port |
Protocol |
Description |
21:23:12.111 |
Connected |
RDS Server |
50081 (0xC3A1) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50081, DstPort=LDAP(389), PayloadLen=0, Seq=1379151670, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:12.164 |
Connected |
RDS Server |
50082 (0xC3A2) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50082, DstPort=LDAP(389), PayloadLen=0, Seq=2177382759, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:12.201 |
FinWait1 |
RDS Server |
50082 (0xC3A2) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50082, DstPort=LDAP(389), PayloadLen=0, Seq=2177385014, Ack=3237765927, Win=515 (scale factor 0x8) = 131840 |
21:23:12.204 |
Connected |
RDS Server |
50083 (0xC3A3) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50083, DstPort=LDAP(389), PayloadLen=0, Seq=3344037970, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:12.285 |
FinWait1 |
RDS Server |
50083 (0xC3A3) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50083, DstPort=LDAP(389), PayloadLen=0, Seq=3344040225, Ack=426106924, Win=4121 (scale factor 0x8) = 1054976 |
21:23:12.285 |
FinWait1 |
RDS Server |
50081 (0xC3A1) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50081, DstPort=LDAP(389), PayloadLen=0, Seq=1379153902, Ack=4129069406, Win=4118 (scale factor 0x8) = 1054208 |
21:23:14.770 |
Connected |
RDS Server |
50084 (0xC3A4) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50084, DstPort=Kerberos(88), PayloadLen=0, Seq=2141886002, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:14.777 |
FinWait1 |
RDS Server |
50084 (0xC3A4) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50084, DstPort=Kerberos(88), PayloadLen=0, Seq=2141886227, Ack=1472959411, Win=4120 (scale factor 0x8) = 1054720 |
21:23:14.790 |
Connected |
RDS Server |
50085 (0xC3A5) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50085, DstPort=Kerberos(88), PayloadLen=0, Seq=3346243589, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:14.811 |
FinWait1 |
RDS Server |
50085 (0xC3A5) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50085, DstPort=Kerberos(88), PayloadLen=0, Seq=3346243893, Ack=3118334930, Win=4121 (scale factor 0x8) = 1054976 |
21:23:14.811 |
Connected |
RDS Server |
50086 (0xC3A6) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50086, DstPort=Kerberos(88), PayloadLen=0, Seq=1219468062, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:14.818 |
FinWait1 |
RDS Server |
50086 (0xC3A6) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50086, DstPort=Kerberos(88), PayloadLen=0, Seq=1219469437, Ack=1722508809, Win=4115 (scale factor 0x8) = 1053440 |
21:23:14.923 |
Connected |
RDS Server |
50087 (0xC3A7) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50087, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3145033242, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:14.955 |
Connected |
RDS Server |
50088 (0xC3A8) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50088, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=4241683270, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:14.955 |
Connected |
RDS Server |
50089 (0xC3A9) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50089, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3949512830, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:14.956 |
Connected |
RDS Server |
50090 (0xC3AA) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50090, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=2357679405, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:15.332 |
Connected |
RDS Server |
50091 (0xC3AB) |
AD Server |
135 (0x87) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50091, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=1049565372, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:15.343 |
Connected |
RDS Server |
50093 (0xC3AD) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50093, DstPort=Kerberos(88), PayloadLen=0, Seq=1628009195, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:15.352 |
FinWait1 |
RDS Server |
50093 (0xC3AD) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50093, DstPort=Kerberos(88), PayloadLen=0, Seq=1628010738, Ack=1671622849, Win=4121 (scale factor 0x8) = 1054976 |
21:23:15.672 |
Connected |
RDS Server |
50094 (0xC3AE) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50094, DstPort=LDAP(389), PayloadLen=0, Seq=3337827057, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:15.674 |
Connected |
RDS Server |
50095 (0xC3AF) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50095, DstPort=Kerberos(88), PayloadLen=0, Seq=1478733766, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:15.676 |
FinWait1 |
RDS Server |
50095 (0xC3AF) |
AD Server |
88 (0x58) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50095, DstPort=Kerberos(88), PayloadLen=0, Seq=1478735297, Ack=172072244, Win=4121 (scale factor 0x8) = 1054976 |
21:23:15.706 |
Connected |
RDS Server |
50096 (0xC3B0) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50096, DstPort=LDAP(389), PayloadLen=0, Seq=3581138662, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:16.065 |
FinWait1 |
RDS Server |
50096 (0xC3B0) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50096, DstPort=LDAP(389), PayloadLen=0, Seq=3581140697, Ack=1249198065, Win=4119 (scale factor 0x8) = 1054464 |
21:23:16.078 |
FinWait1 |
RDS Server |
50094 (0xC3AE) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50094, DstPort=LDAP(389), PayloadLen=0, Seq=3337829573, Ack=1545874176, Win=4117 (scale factor 0x8) = 1053952 |
21:23:21.471 |
Connected |
RDS Server |
50097 (0xC3B1) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50097, DstPort=LDAP(389), PayloadLen=0, Seq=4226540773, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 |
21:23:21.492 |
FinWait1 |
RDS Server |
50097 (0xC3B1) |
AD Server |
389 (0x185) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50097, DstPort=LDAP(389), PayloadLen=0, Seq=4226542938, Ack=684672697, Win=4119 (scale factor 0x8) = 1054464 |
21:23:25.541 |
FinWait1 |
RDS Server |
50091 (0xC3AB) |
AD Server |
135 (0x87) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50091, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=1049565701, Ack=342135618, Win=4119 (scale factor 0x8) = 1054464 |
21:23:29.005 |
Disconnected |
RDS Server |
50087 (0xC3A7) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50087, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3145050195, Ack=1060459561, Win=0 (scale factor 0x8) = 0 |
21:23:29.005 |
Disconnected |
RDS Server |
50088 (0xC3A8) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50088, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=4241691189, Ack=883479323, Win=0 (scale factor 0x8) = 0 |
21:23:29.005 |
Disconnected |
RDS Server |
50089 (0xC3A9) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50089, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3949530365, Ack=871192864, Win=0 (scale factor 0x8) = 0 |
21:23:29.005 |
Disconnected |
RDS Server |
50090 (0xC3AA) |
AD Server |
445 (0x1BD) |
TCP |
TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50090, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=2357687353, Ack=2990482742, Win=0 (scale factor 0x8) = 0 |
RDS server disconnects from license server over RPC 135 due to inactivity timeout
Time Of Day |
TCP Frame Flags |
Source |
Source Port |
Destination |
Destination Port |
Protocol |
Description |
21:24:05.625 |
FinWait1 |
RDS Server |
50056 (0xC388) |
RDS License Server |
135 (0x87) |
TCP |
TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50056, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=45241078, Ack=4113178518, Win=4119 (scale factor 0x8) = 1054464 |
Client disconnects from RDS server
Time Of Day |
TCP Frame Flags |
Source |
Source Port |
Destination |
Destination Port |
Protocol |
Description |
21:24:21.918 |
Disconnected |
RDS Client |
49972 (0xC334) |
RDS Server |
3389 (0xD3D) |
TCP |
TCP:Flags=...A.R.., SrcPort=49972, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=1621534491, Ack=2510014433, Win=0 |