Summary:

This article contains network traces from server machine for the Remote Desktop Protocol connection sequence for a direct connection (not through an RDS Gateway) from client machine. See parent articles Remote Desktop Services RDS Logon Connectivity Overview and RDP Direct Connection Process with NLA Enabled for additional information.

RDS Server relevant network traces  (Ephemeral traffic excluded)

Client connects to RDS server TCP / UDP 3389

Time Of Day

TCP Frame Flags

Source

Source Port

Destination

Destination Port

Protocol

Description

21:20:33.221

 

RDS Server

56207 (0xDB8F)

AD Server

53 (0x35)

DNS

DNS:QueryId = 0x389B, QUERY (Standard query), Query  for isatap.rds-ms.b2.internal.cloudapp.net of type Host Addr on class Internet

21:20:33.228

 

AD Server

53 (0x35)

RDS Server

56207 (0xDB8F)

DNS

DNS:QueryId = 0x389B, QUERY (Standard query), Response - Name Error

21:20:33.706

Connected

RDS Server

50049 (0xC381)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50049, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=168657069, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:20:44.986

Disconnected

RDS Server

50049 (0xC381)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50049, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=168661087, Ack=225417990, Win=0 (scale factor 0x8) = 0

21:21:05.595

Connected

RDS Client

49964 (0xC32C)

RDS Server

3389 (0xD3D)

TCP

TCP:Flags=CE....S., SrcPort=49964, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=2744352433, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:05.603

Connected

RDS Client

49964 (0xC32C)

RDS Server

3389 (0xD3D)

X224

X224:Connection Request

21:21:05.608

Connected

RDS Server

3389 (0xD3D)

RDS Client

49964 (0xC32C)

X224

X224:Connection Confirm

21:21:11.849

 

RDS Client

56532 (0xDCD4)

RDS Server

3389 (0xD3D)

UDP

UDP:SrcPort = 56532, DstPort = MS WBT Server(3389), Length = 1240

21:21:11.849

 

RDS Server

3389 (0xD3D)

RDS Client

56532 (0xDCD4)

UDP

UDP:SrcPort = MS WBT Server(3389), DstPort = 56532, Length = 1240

21:21:11.849

 

RDS Client

56533 (0xDCD5)

RDS Server

3389 (0xD3D)

UDP

UDP:SrcPort = 56533, DstPort = MS WBT Server(3389), Length = 1240

21:21:11.849

 

RDS Server

3389 (0xD3D)

RDS Client

56533 (0xDCD5)

UDP

UDP:SrcPort = MS WBT Server(3389), DstPort = 56533, Length = 1240

 

RDS server queries AD using LDAP 389 for user authentication

Time Of Day

TCP Frame Flags

Source

Source Port

Destination

Destination Port

Protocol

Description

21:21:11.833

Connected

RDS Server

50053 (0xC385)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50053, DstPort=LDAP(389), PayloadLen=0, Seq=2169720513, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:11.851

FinWait1

RDS Server

50053 (0xC385)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50053, DstPort=LDAP(389), PayloadLen=0, Seq=2169722726, Ack=4020713640, Win=4121 (scale factor 0x8) = 1054976

21:21:11.853

Connected

RDS Server

50054 (0xC386)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50054, DstPort=LDAP(389), PayloadLen=0, Seq=2209074247, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:11.909

Connected

RDS Server

50055 (0xC387)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50055, DstPort=LDAP(389), PayloadLen=0, Seq=2954111449, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:11.940

FinWait1

RDS Server

50055 (0xC387)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50055, DstPort=LDAP(389), PayloadLen=0, Seq=2954113704, Ack=4031538628, Win=4121 (scale factor 0x8) = 1054976

21:21:11.942

FinWait1

RDS Server

50054 (0xC386)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50054, DstPort=LDAP(389), PayloadLen=0, Seq=2209076479, Ack=3154907558, Win=4119 (scale factor 0x8) = 1054464

 

RDS server connects to license server over RPC 135

Time Of Day

TCP Frame Flags

Source

Source Port

Destination

Destination Port

Protocol

Description

21:21:11.978

Connected

RDS Server

50056 (0xC388)

RDS License Server

135 (0x87)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50056, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=45240749, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

 

RDS server gets Kerberos ticket for user and logs user on

Time Of Day

TCP Frame Flags

Source

Source Port

Destination

Destination Port

Protocol

Description

21:21:11.994

Connected

RDS Server

50058 (0xC38A)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50058, DstPort=Kerberos(88), PayloadLen=0, Seq=4063576601, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:11.998

FinWait1

RDS Server

50058 (0xC38A)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50058, DstPort=Kerberos(88), PayloadLen=0, Seq=4063576832, Ack=717409612, Win=4120 (scale factor 0x8) = 1054720

21:21:12.030

Connected

RDS Server

50059 (0xC38B)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50059, DstPort=Kerberos(88), PayloadLen=0, Seq=3245959136, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:12.037

FinWait1

RDS Server

50059 (0xC38B)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50059, DstPort=Kerberos(88), PayloadLen=0, Seq=3245959447, Ack=3458572932, Win=4121 (scale factor 0x8) = 1054976

21:21:12.037

Connected

RDS Server

50060 (0xC38C)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50060, DstPort=Kerberos(88), PayloadLen=0, Seq=2590877076, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:12.041

FinWait1

RDS Server

50060 (0xC38C)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50060, DstPort=Kerberos(88), PayloadLen=0, Seq=2590878618, Ack=700072795, Win=4121 (scale factor 0x8) = 1054976

21:21:12.409

 

RDS Server

63203 (0xF6E3)

AD Server

53 (0x35)

DNS

DNS:QueryId = 0xEF5E, QUERY (Standard query), Query  for 4.0.0.10.in-addr.arpa of type PTR on class Internet

21:21:12.417

 

AD Server

53 (0x35)

RDS Server

63203 (0xF6E3)

DNS

DNS:QueryId = 0xEF5E, QUERY (Standard query), Response - Name Error

21:21:13.633

 

RDS Server

49351 (0xC0C7)

AD Server

53 (0x35)

DNS

DNS:QueryId = 0xB8A4, QUERY (Standard query), Query  for (...).ip6.arpa of type PTR on class Internet

21:21:13.636

 

AD Server

53 (0x35)

RDS Server

49351 (0xC0C7)

DNS

DNS:QueryId = 0xB8A4, QUERY (Standard query), Response - Name Error

21:21:14.234

Connected

RDS Server

50061 (0xC38D)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50061, DstPort=Kerberos(88), PayloadLen=0, Seq=3723032653, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.236

FinWait1

RDS Server

50061 (0xC38D)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50061, DstPort=Kerberos(88), PayloadLen=0, Seq=3723032878, Ack=2921060790, Win=4120 (scale factor 0x8) = 1054720

21:21:14.254

Connected

RDS Server

50062 (0xC38E)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50062, DstPort=Kerberos(88), PayloadLen=0, Seq=2394757362, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.263

FinWait1

RDS Server

50062 (0xC38E)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50062, DstPort=Kerberos(88), PayloadLen=0, Seq=2394757667, Ack=359280590, Win=4121 (scale factor 0x8) = 1054976

21:21:14.263

Connected

RDS Server

50063 (0xC38F)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50063, DstPort=Kerberos(88), PayloadLen=0, Seq=541750701, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.266

FinWait1

RDS Server

50063 (0xC38F)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50063, DstPort=Kerberos(88), PayloadLen=0, Seq=541752076, Ack=1163190864, Win=4115 (scale factor 0x8) = 1053440

21:21:14.388

Connected

RDS Server

50064 (0xC390)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50064, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3190045546, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.467

Connected

RDS Server

50065 (0xC391)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50065, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=1148878525, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.467

Connected

RDS Server

50066 (0xC392)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50066, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=996682467, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.468

Connected

RDS Server

50067 (0xC393)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50067, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3681154319, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.851

Connected

RDS Server

50068 (0xC394)

AD Server

135 (0x87)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50068, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=2483819665, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.861

Connected

RDS Server

50070 (0xC396)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50070, DstPort=Kerberos(88), PayloadLen=0, Seq=3306116795, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.864

FinWait1

RDS Server

50070 (0xC396)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50070, DstPort=Kerberos(88), PayloadLen=0, Seq=3306118338, Ack=2754153111, Win=4121 (scale factor 0x8) = 1054976

21:21:14.890

Connected

RDS Server

50072 (0xC398)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50072, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3070954321, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.899

Connected

RDS Server

50073 (0xC399)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50073, DstPort=Kerberos(88), PayloadLen=0, Seq=1079617107, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.906

FinWait1

RDS Server

50073 (0xC399)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50073, DstPort=Kerberos(88), PayloadLen=0, Seq=1079618638, Ack=3889589683, Win=4121 (scale factor 0x8) = 1054976

21:21:14.907

Connected

RDS Server

50074 (0xC39A)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50074, DstPort=Kerberos(88), PayloadLen=0, Seq=2358320909, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:14.908

FinWait1

RDS Server

50074 (0xC39A)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50074, DstPort=Kerberos(88), PayloadLen=0, Seq=2358322240, Ack=1168370518, Win=4115 (scale factor 0x8) = 1053440

21:21:20.718

Connected

RDS Server

50075 (0xC39B)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50075, DstPort=Kerberos(88), PayloadLen=0, Seq=2650571429, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:20.722

FinWait1

RDS Server

50075 (0xC39B)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50075, DstPort=Kerberos(88), PayloadLen=0, Seq=2650572972, Ack=810395757, Win=4121 (scale factor 0x8) = 1054976

21:21:21.264

Connected

RDS Server

50076 (0xC39C)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50076, DstPort=LDAP(389), PayloadLen=0, Seq=1947778519, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:21.285

Connected

RDS Server

50077 (0xC39D)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50077, DstPort=Kerberos(88), PayloadLen=0, Seq=2190197474, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:21.288

FinWait1

RDS Server

50077 (0xC39D)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50077, DstPort=Kerberos(88), PayloadLen=0, Seq=2190199005, Ack=1972753748, Win=515 (scale factor 0x8) = 131840

21:21:21.428

Connected

RDS Server

50078 (0xC39E)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50078, DstPort=LDAP(389), PayloadLen=0, Seq=2801560355, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:21.779

FinWait1

RDS Server

50078 (0xC39E)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50078, DstPort=LDAP(389), PayloadLen=0, Seq=2801562387, Ack=4095388054, Win=4119 (scale factor 0x8) = 1054464

21:21:21.993

FinWait1

RDS Server

50076 (0xC39C)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50076, DstPort=LDAP(389), PayloadLen=0, Seq=1947781383, Ack=1295454375, Win=4117 (scale factor 0x8) = 1053952

21:21:25.542

FinWait1

RDS Server

50068 (0xC394)

AD Server

135 (0x87)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50068, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=2483820162, Ack=149338963, Win=4118 (scale factor 0x8) = 1054208

21:21:35.988

Disconnected

RDS Server

50064 (0xC390)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50064, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3190070501, Ack=2444569668, Win=0 (scale factor 0x8) = 0

21:21:35.988

Disconnected

RDS Server

50065 (0xC391)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50065, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=1148889788, Ack=3152697640, Win=0 (scale factor 0x8) = 0

21:21:35.988

Disconnected

RDS Server

50066 (0xC392)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50066, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=996701157, Ack=2677283270, Win=0 (scale factor 0x8) = 0

21:21:35.988

Disconnected

RDS Server

50067 (0xC393)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50067, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3681165495, Ack=2266817574, Win=0 (scale factor 0x8) = 0

21:21:44.307

 

RDS Server

49929 (0xC309)

AD Server

53 (0x35)

DNS

DNS:QueryId = 0xC6D9, QUERY (Standard query), Query  for _ldap._tcp.Default-First-Site-Name._sites.rds-dc-1.rds-ms.lab of type SRV on class Internet

21:21:44.308

 

AD Server

53 (0x35)

RDS Server

49929 (0xC309)

DNS

DNS:QueryId = 0xC6D9, QUERY (Standard query), Response - Name Error

21:21:47.188

 

RDS Server

61272 (0xEF58)

AD Server

53 (0x35)

DNS

DNS:QueryId = 0xD50, QUERY (Standard query), Query  for _ldap._tcp.rds-dc-1.rds-ms.lab of type SRV on class Internet

21:21:47.190

 

AD Server

53 (0x35)

RDS Server

61272 (0xEF58)

DNS

DNS:QueryId = 0xD50, QUERY (Standard query), Response - Name Error

21:21:50.381

Connected

RDS Server

50079 (0xC39F)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50079, DstPort=LDAP(389), PayloadLen=0, Seq=4278336738, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:21:50.413

FinWait1

RDS Server

50079 (0xC39F)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50079, DstPort=LDAP(389), PayloadLen=0, Seq=4278338903, Ack=477717676, Win=513 (scale factor 0x8) = 131328

21:21:52.813

 

RDS Server

55841 (0xDA21)

AD Server

53 (0x35)

DNS

DNS:QueryId = 0xC87F, QUERY (Standard query), Query  for 6.0.0.10.in-addr.arpa of type PTR on class Internet

21:21:52.814

 

AD Server

53 (0x35)

RDS Server

55841 (0xDA21)

DNS

DNS:QueryId = 0xC87F, QUERY (Standard query), Response - Name Error

 

Client disconnects from RDS server

Time Of Day

TCP Frame Flags

Source

Source Port

Destination

Destination Port

Protocol

Description

21:22:15.189

Disconnected

RDS Client

49964 (0xC32C)

RDS Server

3389 (0xD3D)

TCP

TCP:Flags=...A.R.., SrcPort=49964, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=2744392872, Ack=823247208, Win=0

 

Client reconnects to RDS Server

Time Of Day

TCP Frame Flags

Source

Source Port

Destination

Destination Port

Protocol

Description

21:23:05.797

Connected

RDS Client

49972 (0xC334)

RDS Server

3389 (0xD3D)

TCP

TCP:Flags=CE....S., SrcPort=49972, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=1621480644, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:05.799

Connected

RDS Client

49972 (0xC334)

RDS Server

3389 (0xD3D)

X224

X224:Connection Request

21:23:05.810

Connected

RDS Server

3389 (0xD3D)

RDS Client

49972 (0xC334)

X224

X224:Connection Confirm

21:23:12.027

 

RDS Client

51187 (0xC7F3)

RDS Server

3389 (0xD3D)

UDP

UDP:SrcPort = 51187, DstPort = MS WBT Server(3389), Length = 1240

21:23:12.032

 

RDS Client

51188 (0xC7F4)

RDS Server

3389 (0xD3D)

UDP

UDP:SrcPort = 51188, DstPort = MS WBT Server(3389), Length = 1240

21:23:12.033

 

RDS Server

3389 (0xD3D)

RDS Client

51187 (0xC7F3)

UDP

UDP:SrcPort = MS WBT Server(3389), DstPort = 51187, Length = 1240

21:23:12.033

 

RDS Server

3389 (0xD3D)

RDS Client

51188 (0xC7F4)

UDP

UDP:SrcPort = MS WBT Server(3389), DstPort = 51188, Length = 1240

 

RDS server queries AD using LDAP 389 for user authentication

Time Of Day

TCP Frame Flags

Source

Source Port

Destination

Destination Port

Protocol

Description

21:23:12.111

Connected

RDS Server

50081 (0xC3A1)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50081, DstPort=LDAP(389), PayloadLen=0, Seq=1379151670, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:12.164

Connected

RDS Server

50082 (0xC3A2)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50082, DstPort=LDAP(389), PayloadLen=0, Seq=2177382759, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:12.201

FinWait1

RDS Server

50082 (0xC3A2)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50082, DstPort=LDAP(389), PayloadLen=0, Seq=2177385014, Ack=3237765927, Win=515 (scale factor 0x8) = 131840

21:23:12.204

Connected

RDS Server

50083 (0xC3A3)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50083, DstPort=LDAP(389), PayloadLen=0, Seq=3344037970, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:12.285

FinWait1

RDS Server

50083 (0xC3A3)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50083, DstPort=LDAP(389), PayloadLen=0, Seq=3344040225, Ack=426106924, Win=4121 (scale factor 0x8) = 1054976

21:23:12.285

FinWait1

RDS Server

50081 (0xC3A1)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50081, DstPort=LDAP(389), PayloadLen=0, Seq=1379153902, Ack=4129069406, Win=4118 (scale factor 0x8) = 1054208

21:23:14.770

Connected

RDS Server

50084 (0xC3A4)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50084, DstPort=Kerberos(88), PayloadLen=0, Seq=2141886002, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:14.777

FinWait1

RDS Server

50084 (0xC3A4)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50084, DstPort=Kerberos(88), PayloadLen=0, Seq=2141886227, Ack=1472959411, Win=4120 (scale factor 0x8) = 1054720

21:23:14.790

Connected

RDS Server

50085 (0xC3A5)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50085, DstPort=Kerberos(88), PayloadLen=0, Seq=3346243589, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:14.811

FinWait1

RDS Server

50085 (0xC3A5)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50085, DstPort=Kerberos(88), PayloadLen=0, Seq=3346243893, Ack=3118334930, Win=4121 (scale factor 0x8) = 1054976

21:23:14.811

Connected

RDS Server

50086 (0xC3A6)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50086, DstPort=Kerberos(88), PayloadLen=0, Seq=1219468062, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:14.818

FinWait1

RDS Server

50086 (0xC3A6)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50086, DstPort=Kerberos(88), PayloadLen=0, Seq=1219469437, Ack=1722508809, Win=4115 (scale factor 0x8) = 1053440

21:23:14.923

Connected

RDS Server

50087 (0xC3A7)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50087, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3145033242, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:14.955

Connected

RDS Server

50088 (0xC3A8)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50088, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=4241683270, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:14.955

Connected

RDS Server

50089 (0xC3A9)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50089, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3949512830, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:14.956

Connected

RDS Server

50090 (0xC3AA)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50090, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=2357679405, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:15.332

Connected

RDS Server

50091 (0xC3AB)

AD Server

135 (0x87)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50091, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=1049565372, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:15.343

Connected

RDS Server

50093 (0xC3AD)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50093, DstPort=Kerberos(88), PayloadLen=0, Seq=1628009195, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:15.352

FinWait1

RDS Server

50093 (0xC3AD)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50093, DstPort=Kerberos(88), PayloadLen=0, Seq=1628010738, Ack=1671622849, Win=4121 (scale factor 0x8) = 1054976

21:23:15.672

Connected

RDS Server

50094 (0xC3AE)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50094, DstPort=LDAP(389), PayloadLen=0, Seq=3337827057, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:15.674

Connected

RDS Server

50095 (0xC3AF)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50095, DstPort=Kerberos(88), PayloadLen=0, Seq=1478733766, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:15.676

FinWait1

RDS Server

50095 (0xC3AF)

AD Server

88 (0x58)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50095, DstPort=Kerberos(88), PayloadLen=0, Seq=1478735297, Ack=172072244, Win=4121 (scale factor 0x8) = 1054976

21:23:15.706

Connected

RDS Server

50096 (0xC3B0)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50096, DstPort=LDAP(389), PayloadLen=0, Seq=3581138662, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:16.065

FinWait1

RDS Server

50096 (0xC3B0)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50096, DstPort=LDAP(389), PayloadLen=0, Seq=3581140697, Ack=1249198065, Win=4119 (scale factor 0x8) = 1054464

21:23:16.078

FinWait1

RDS Server

50094 (0xC3AE)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50094, DstPort=LDAP(389), PayloadLen=0, Seq=3337829573, Ack=1545874176, Win=4117 (scale factor 0x8) = 1053952

21:23:21.471

Connected

RDS Server

50097 (0xC3B1)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=CE....S., SrcPort=50097, DstPort=LDAP(389), PayloadLen=0, Seq=4226540773, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192

21:23:21.492

FinWait1

RDS Server

50097 (0xC3B1)

AD Server

389 (0x185)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50097, DstPort=LDAP(389), PayloadLen=0, Seq=4226542938, Ack=684672697, Win=4119 (scale factor 0x8) = 1054464

21:23:25.541

FinWait1

RDS Server

50091 (0xC3AB)

AD Server

135 (0x87)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50091, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=1049565701, Ack=342135618, Win=4119 (scale factor 0x8) = 1054464

21:23:29.005

Disconnected

RDS Server

50087 (0xC3A7)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50087, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3145050195, Ack=1060459561, Win=0 (scale factor 0x8) = 0

21:23:29.005

Disconnected

RDS Server

50088 (0xC3A8)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50088, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=4241691189, Ack=883479323, Win=0 (scale factor 0x8) = 0

21:23:29.005

Disconnected

RDS Server

50089 (0xC3A9)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50089, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=3949530365, Ack=871192864, Win=0 (scale factor 0x8) = 0

21:23:29.005

Disconnected

RDS Server

50090 (0xC3AA)

AD Server

445 (0x1BD)

TCP

TCP: [Bad CheckSum]Flags=...A.R.., SrcPort=50090, DstPort=Microsoft-DS(445), PayloadLen=0, Seq=2357687353, Ack=2990482742, Win=0 (scale factor 0x8) = 0

 

RDS server disconnects from license server over RPC 135 due to inactivity timeout

Time Of Day

TCP Frame Flags

Source

Source Port

Destination

Destination Port

Protocol

Description

21:24:05.625

FinWait1

RDS Server

50056 (0xC388)

RDS License Server

135 (0x87)

TCP

TCP: [Bad CheckSum]Flags=...A...F, SrcPort=50056, DstPort=DCE endpoint resolution(135), PayloadLen=0, Seq=45241078, Ack=4113178518, Win=4119 (scale factor 0x8) = 1054464

 

Client disconnects from RDS server

Time Of Day

TCP Frame Flags

Source

Source Port

Destination

Destination Port

Protocol

Description

21:24:21.918

Disconnected

RDS Client

49972 (0xC334)

RDS Server

3389 (0xD3D)

TCP

TCP:Flags=...A.R.., SrcPort=49972, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=1621534491, Ack=2510014433, Win=0