mirrors/FreeRDP
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

RDPUDP dissector: cookie hash is present in SYN packet instead of SYN/ACK

Browse Source
This commit is contained in:
David Fort 2021-05-20 14:54:36 +02:00 committed by akallabeth
parent 1d53117508
commit 4ec6014964
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
tools/wireshark/rdp-udp.lua
View File

@ -289,13 +289,15 @@ function dissectV1(tvbuf, pktinfo, tree)
local versionVal = tvbuf:range(startAt, 2):uint()
startAt = startAt + 2
if haveAck and versionVal == 0x101 then
synexItem:add(pf_udp_synex_cookiehash, tvbuf:range(startAt, 32))
startAt = startAt + 32
-- switch to UDP2
tableRecord.switchToUdp2 = pktinfo.number
end
if versionVal == 0x101 then
if not haveAck then
synexItem:add(pf_udp_synex_cookiehash, tvbuf:range(startAt, 32))
startAt = startAt + 32
else
-- switch to UDP2
tableRecord.switchToUdp2 = pktinfo.number
end
end
end
local mask = RDPUDP_SYN + RDPUDP_ACK