Steve Elliott

Results 22 comments of Steve Elliott

You cannot really play without the packets as they have to be in order and with the correct timing information. Adding headers will not give you enough information, and the...

Please check that you recorded the PCAP correctly. I would expect to see some message to be output if the replay software finds a valid TCP stream on port 3389.

I recorded with Wireshark, no filter.

On your Ubuntu box, run this `tcpdump -r rdp.pcap | head` so that I can check that the pcap has data, and the ports are OK.

You might want to check you have the correct key. Open the pcap in Wireshark, and decode as SSL. You want to look at the server's certificate message: `Handshake -...

I just remembered that it's likely to be using DHE to exchange the session key. This does not use the private key, and so we do not have a way...

There is no way to use that PCAP. When I set this up the (Linux) client offered several DHE options, but the (Windows 7) server chose TLS_RSA_WITH_AES_128_CBC_SHA, so I didn't...

Microsoft changed the defaults about 15 months ago, and MS servers now seem to prefer DH. Good that we know why it is not working.

Do you get any output at all from rdp_replay? I would expect something like ``` RDP SSL MODE Requested by server!! SSL private key found. ``` Or even ``` RDP...

Looks like there is a real problem here. Will look into it.