4.6 Annotated Enhanced Security Server Redirection PDU

The following is an annotated dump of an Enhanced Security Server Redirection PDU (section 2.2.13.3.1) that was sent from a Microsoft RDP 5.1 server to a Microsoft RDP 5.1 client.

 00000000 03 00 02 1c 02 f0 80 68 00 01 03 eb 70 82 0d 0d .......h....p...
 00000010 02 0a 00 ea 03 5f 59 00 04 04 02 02 00 00 00 1d ....._Y.........
 00000020 0b 00 00 46 00 00 00 32 00 30 00 30 00 31 00 3a ...F...2.0.0.1.:
 00000030 00 34 00 38 00 39 00 38 00 3a 00 32 00 62 00 3a .4.8.9.8.:.2.b.:
 00000040 00 32 00 3a 00 39 00 64 00 65 00 37 00 3a 00 34 .2.:.9.d.e.7.:.4
 00000050 00 35 00 36 00 39 00 3a 00 66 00 62 00 33 00 39 .5.6.9.:.f.b.3.9
 00000060 00 3a 00 65 00 66 00 32 00 39 00 00 00 1c 00 00 .:.e.f.2.9......
 00000070 00 61 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 .a.d.m.i.n.i.s.t
 00000080 00 72 00 61 00 74 00 6f 00 72 00 00 00 16 00 00 .r.a.t.o.r......
 00000090 00 54 00 53 00 2d 00 53 00 54 00 52 00 45 00 53 .T.S.-.S.T.R.E.S
 000000a0 00 53 00 31 00 00 00 78 00 00 00 02 00 00 80 44 .S.1...x.......D
 000000b0 53 48 4c 02 10 f3 e3 bf b1 37 95 28 80 b7 56 f3 SHL......7.(..V.
 000000c0 7c 27 4a 43 cc 50 98 59 05 b5 6b 50 97 62 f8 cf |'JC.P.Y..kP.b..
 000000d0 c0 1b 6a 06 16 db b9 b1 ba 21 01 f4 ea 82 dc 37 ..j......!.....7
 000000e0 17 65 7d be 58 ec 34 e9 33 07 12 c1 76 8d f5 bc .e}.X.4.3...v...
 000000f0 a2 9f 2c ef 32 a7 a4 80 a9 05 f7 02 94 96 8d 95 ..,.2...........
 00000100 b8 2c db 55 4a 78 08 eb 87 10 c7 8b a9 0a e6 44 .,.UJx.........D
 00000110 ab ec 6b ee 42 bb 32 e7 b0 ef 3c ae 45 73 a6 69 ..k.B.2...<.Es.i
 00000120 69 00 00 5a 00 00 00 6a 00 69 00 61 00 7a 00 6f i..Z...j.i.a.z.o
 00000130 00 75 00 2d 00 74 00 65 00 73 00 74 00 32 00 2e .u.-.t.e.s.t.2..
 00000140 00 74 00 73 00 2d 00 73 00 74 00 72 00 65 00 73 .t.s.-.s.t.r.e.s
 00000150 00 73 00 31 00 2e 00 6e 00 74 00 74 00 65 00 73 .s.1...n.t.t.e.s
 00000160 00 74 00 2e 00 6d 00 69 00 63 00 72 00 6f 00 73 .t...m.i.c.r.o.s
 00000170 00 6f 00 66 00 74 00 2e 00 63 00 6f 00 6d 00 00 .o.f.t...c.o.m..
 00000180 00 1a 00 00 00 4a 00 49 00 41 00 5a 00 4f 00 55 .....J.I.A.Z.O.U
 00000190 00 2d 00 54 00 45 00 53 00 54 00 32 00 00 00 70 .-.T.E.S.T.2...p
 000001a0 00 00 00 02 00 00 00 46 00 00 00 32 00 30 00 30 .......F...2.0.0
 000001b0 00 31 00 3a 00 34 00 38 00 39 00 38 00 3a 00 32 .1.:.4.8.9.8.:.2
 000001c0 00 62 00 3a 00 32 00 3a 00 39 00 64 00 65 00 37 .b.:.2.:.9.d.e.7
 000001d0 00 3a 00 34 00 35 00 36 00 39 00 3a 00 66 00 62 .:.4.5.6.9.:.f.b
 000001e0 00 33 00 39 00 3a 00 65 00 66 00 32 00 39 00 00 .3.9.:.e.f.2.9..
 000001f0 00 1e 00 00 00 31 00 35 00 37 00 2e 00 35 00 39 .....1.5.7...5.9
 00000200 00 2e 00 32 00 34 00 30 00 2e 00 31 00 34 00 34 ...2.4.0...1.4.4
 00000210 00 00 00 c0 c0 c0 c0 c0 c0 c0 c0 00             ............
  
 03 00 02 1c -> TPKT Header (length = 540 bytes)
 02 f0 80 -> X.224 Data TPDU
  
 68 00 01 03 eb 70 82 0d -> PER encoded (ALIGNED variant of BASIC-PER) SendDataIndication
 initiator = 1002 (0x03ea)
 channelId = 1003 (0x03eb)
 dataPriority = high
 segmentation = begin | end
 userData length = 0x20d = 525 bytes
  
 0d 02 -> TS_SHARECONTROLHEADER::totalLength = 0x020d = 525 bytes
 0a 00 -> TS_SHARECONTROLHEADER::pduType = 0x000a = PDUTYPE_SERVER_REDIR_PKT (10)
 ea 03 -> TS_SHARECONTROLHEADER::pduSource = 0x03ea (1002)
  
 5f 59 -> TS_ENHANCED_SECURITY_SERVER_REDIRECTION::pad2Octets
  
 00 04 -> RDP_SERVER_REDIRECTION_PACKET::Flags = 0x0400 = SEC_REDIRECTION_PKT
 04 02 -> RDP_SERVER_REDIRECTION_PACKET::Length = 0x204 = 516 bytes
 02 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::SessionID = 2
  
 1d 0b 00 00 -> RDP_SERVER_REDIRECTION_PACKET::RedirFlags = 0x00000b1d
 0x00000b1d
 = 0x00000800 |
   0x00000200 | 
   0x00000100 | 
   0x00000010 | 
   0x00000008 | 
   0x00000004 | 
   0x00000001
 = LB_TARGET_NET_ADDRESSES |
   LB_TARGET_NETBIOS_NAME | 
   LB_TARGET_FQDN |
   LB_PASSWORD |
   LB_DOMAIN |
   LB_USERNAME |    
   LB_TARGET_NET_ADDRESS
  
 46 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetAddressLength = 0x46 = 70 bytes
  
 32 00 30 00 30 00 31 00 3a 00 34 00 38 00 39 00
 38 00 3a 00 32 00 62 00 3a 00 32 00 3a 00 39 00
 64 00 65 00 37 00 3a 00 34 00 35 00 36 00 39 00
 3a 00 66 00 62 00 33 00 39 00 3a 00 65 00 66 00
 32 00 39 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetAddress = "2001:4898:2b:2:9de7:4569:fb39:ef29"
  
 1c 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::UserNameLength = 0x1c = 28 bytes
  
 61 00 64 00 6d 00 69 00 6e 00 69 00 73 00 74 00 
 72 00 61 00 74 00 6f 00 72 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::UserName = "administrator"
  
 16 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::DomainLength = 0x16 = 22 bytes
  
 54 00 53 00 2d 00 53 00 54 00 52 00 45 00 53 00 
 53 00 31 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::Domain = "TS-STRESS1"
  
 78 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::PasswordLength = 0x78 = 120 bytes
  
 02 00 00 80 44 53 48 4c 02 10 f3 e3 bf b1 37 95 
 28 80 b7 56 f3 7c 27 4a 43 cc 50 98 59 05 b5 6b 
 50 97 62 f8 cf c0 1b 6a 06 16 db b9 b1 ba 21 01 
 f4 ea 82 dc 37 17 65 7d be 58 ec 34 e9 33 07 12 
 c1 76 8d f5 bc a2 9f 2c ef 32 a7 a4 80 a9 05 f7 
 02 94 96 8d 95 b8 2c db 55 4a 78 08 eb 87 10 c7 
 8b a9 0a e6 44 ab ec 6b ee 42 bb 32 e7 b0 ef 3c 
 ae 45 73 a6 69 69 00 00 -> RDP_SERVER_REDIRECTION_PACKET::Password
  
 5a 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetFQDNLength = 0x5a = 90 bytes
  
 6a 00 69 00 61 00 7a 00 6f 00 75 00 2d 00 74 00
 65 00 73 00 74 00 32 00 2e 00 74 00 73 00 2d 00
 73 00 74 00 72 00 65 00 73 00 73 00 31 00 2e 00
 6e 00 74 00 74 00 65 00 73 00 74 00 2e 00 6d 00
 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00
 2e 00 63 00 6f 00 6d 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetFQDN = "jiazou-test2.ts-stress1.nttest.microsoft.com"
  
 1a 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetBiosNameLength = 0x1a = 26 bytes
  
 4a 00 49 00 41 00 5a 00 4f 00 55 00 2d 00 54 00 
 45 00 53 00 54 00 32 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetBiosName = "JIAZOU-TEST2"
  
 70 00 00 00 -> RDP_SERVER_REDIRECTION_PACKET::TargetNetAddressesLength = 112 bytes
  
 02 00 00 00 -> TARGET_NET_ADDRESSES::addressCount = 2 
  
 46 00 00 00 -> TARGET_NET_ADDRESS::addressLength = 70 bytes
  
 32 00 30 00 30 00 31 00 3a 00 34 00 38 00 39 00 
 38 00 3a 00 32 00 62 00 3a 00 32 00 3a 00 39 00 
 64 00 65 00 37 00 3a 00 34 00 35 00 36 00 39 00 
 3a 00 66 00 62 00 33 00 39 00 3a 00 65 00 66 00 
 32 00 39 00 00 00 -> TARGET_NET_ADDRESS::address = "2001:4898:2b:2:9de7:4569:fb39:ef29"
  
 1e 00 00 00 -> TARGET_NET_ADDRESS::addressLength = 30 bytes
  
 31 00 35 00 37 00 2e 00 35 00 39 00 2e 00 32 00 
 34 00 30 00 2e 00 31 00 34 00 34 00 00 00 -> TARGET_NET_ADDRESS::address = "157.59.240.144"
  
 c0 c0 c0 c0 c0 c0 c0 c0 -> RDP_SERVER_REDIRECTION_PACKET::Pad
  
 00 -> TS_ENHANCED_SECURITY_SERVER_REDIRECTION::pad1Octet
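
A bounds-checked parser for the RDP_SERVER_REDIRECTION_PACKET layout annotated above, added here as an illustration; it is not part of the specification. The names parse_redirection, take, text and field are hypothetical, the sample packet is constructed, and only the RedirFlags bits that appear in this dump are handled (any other bit is rejected rather than guessed at).

```python
import struct

# (RedirFlags bit, field, kind) in the order the dump lays the fields out.
FIELDS = [(0x001, "TargetNetAddress", "text"), (0x004, "UserName", "text"),
          (0x008, "Domain", "text"), (0x010, "Password", "raw"),
          (0x100, "TargetFQDN", "text"), (0x200, "TargetNetBiosName", "text"),
          (0x800, "TargetNetAddresses", "list")]

def take(buf, off, end):  # u32 LE length prefix + payload, never reading past end
    if off + 4 > end:
        raise ValueError("length prefix runs past the packet")
    n = struct.unpack_from("<I", buf, off)[0]
    if n > end - off - 4:
        raise ValueError("field length %d runs past the packet" % n)
    return buf[off + 4:off + 4 + n], off + 4 + n

def text(raw):  # null-terminated UTF-16LE string field
    if len(raw) < 2 or len(raw) % 2 or raw[-2:] != b"\0\0":
        raise ValueError("string is not null-terminated UTF-16LE")
    return raw[:-2].decode("utf-16-le")

def parse_redirection(buf):
    if len(buf) < 12:
        raise ValueError("truncated header")
    flags, length, session_id, redir = struct.unpack_from("<HHII", buf, 0)
    if flags != 0x0400 or not 12 <= length <= len(buf):  # 0x0400 = SEC_REDIRECTION_PKT
        raise ValueError("bad Flags or Length")
    if redir & ~sum(f[0] for f in FIELDS):  # an unparsed field would shift later offsets
        raise ValueError("RedirFlags 0x%x has bits this parser does not handle" % redir)
    out, off = {"SessionID": session_id, "RedirFlags": redir}, 12
    for bit, name, kind in (f for f in FIELDS if redir & f[0]):
        raw, off = take(buf, off, length)
        if kind == "list":
            if len(raw) < 4:
                raise ValueError("TargetNetAddresses too short for addressCount")
            pos, out[name] = 4, []
            for _ in range(struct.unpack_from("<I", raw)[0]):
                item, pos = take(raw, pos, len(raw))
                out[name].append(text(item))
        else:
            out[name] = text(raw) if kind == "text" else raw
    return out

def field(v):  # sample builder: u32 length + bytes, or + null-terminated UTF-16LE str
    b = v if isinstance(v, bytes) else (v + "\0").encode("utf-16-le")
    return struct.pack("<I", len(b)) + b
# Constructed sample in the dump's layout: fewer fields and a dummy password blob.
BODY = field("administrator") + field(b"\xaa" * 8) + field(b"\x01\0\0\0" + field("157.59.240.144"))
SAMPLE = struct.pack("<HHII", 0x0400, 20 + len(BODY), 2, 0x814) + BODY + b"\xc0" * 8
```

Password is returned as raw bytes because the dump annotates that field without decoding it; keep it out of logs and debug output when using a parser like this on captured traffic.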