RDP - Remote Desktop Protocol
================================

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **What is RDP?**

    RDP (Remote Desktop Protocol) is a proprietary protocol developed by Microsoft that allows users to remotely connect to and control another computer over a network connection with a graphical interface.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Why is RDP useful?**

    RDP is useful for remote administration, technical support, remote work, and virtual desktop access. It enables users to interact with a full desktop environment from virtually anywhere.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **How does it work?**

    RDP transmits screen updates, keystrokes, and mouse movements between the remote client and the host system. It compresses and encrypts the data for secure communication and supports features like audio redirection, printer sharing, and clipboard sync.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Where is RDP used?**

    RDP is widely used in enterprise IT environments, data centers, and by end users for remote access to workstations and servers. It is also commonly used by system administrators for managing Windows-based systems remotely.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which OSI layer does this protocol belong to?**

    RDP operates primarily at the **Application Layer (Layer 7)** of the OSI model, but it relies on the **Transport Layer (Layer 4)** for communication using TCP or UDP.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is RDP Windows specific?**

    RDP is developed by Microsoft and built into Windows operating systems. While the RDP **server** is native to Windows, **clients** are available for other platforms like macOS, Linux, iOS, and Android.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Is RDP Linux specific?**

    No, RDP is not Linux specific. However, Linux systems can use RDP **clients** (e.g., `Remmina`, `FreeRDP`, `rdesktop`) to connect to RDP servers. RDP **servers** for Linux also exist, such as `xrdp`.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which Transport Protocol is used by RDP?**

    RDP uses **TCP** as the primary transport protocol. Newer versions also support **UDP** for better performance, especially in high-latency or lossy networks.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Which Port is used by RDP?**

    By default, RDP uses **TCP port 3389**. In some configurations, **UDP port 3389** is also used for enhanced performance.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    **Does RDP use a client-server model?**

    Yes, RDP follows a **client-server model**, where the client (remote device) connects to the server (host machine) to access and control its desktop environment.

.. panels::
    :container: container pb-4
    :column: col-lg-12 p-2
    :card: shadow

    Topics in this section,

    * :ref:`Learnings in this section <RDP_step1>`
    * :ref:`Terminology <RDP_step2>`
    * :ref:`Version Info <RDP_step3>`
    * :ref:`RDP Version&RFC Details <RDP_step5>`
    * :ref:`RDP Basic Setup on Ubuntu using IPv4 <RDP_step18>`
    * :ref:`RDP Basic Setup on Ubuntu using IPv6 <RDP_step19>`
    * :ref:`RDP Protocol Packet Details <RDP_step6>`
    * :ref:`RDP Usecases <RDP_step7>`
    * :ref:`RDP Basic Features <RDP_step8>`
    * :ref:`Reference links <RDP_step17>`

.. _RDP_step1:

.. tab-set::

    .. tab-item:: Learnings in this section

        * In this section, you are going to learn

.. _RDP_step2:

.. tab-set::

    .. tab-item:: Terminology

        * Terminology

.. _RDP_step3:

.. tab-set::

    .. tab-item:: Version Info

        * Version Info

.. _RDP_step5:

.. tab-set::

    .. tab-item:: RDP Version&RFC Details

        .. csv-table::
            :file: ./RDP/RDP_Version_RFC_Details.csv
            :widths: 10,10,10,30
            :header-rows: 1

.. _RDP_step18:

.. tab-set::

    .. tab-item:: RDP Basic Setup on Ubuntu using IPv4

        **Testcase 1: RDP Setup for IPv4 without Security**

        * Step-1 : Launch Server (Ubuntu)

        .. note:: Update system and install xrdp

        .. code-block:: shell

            sudo apt update && sudo apt upgrade -y
            sudo apt install xrdp -y

        .. note:: Assign IP address to server interface

        .. code-block:: shell

            sudo ip addr add 192.168.1.1/24 dev enx503eaa96bbf0
            sudo ip link set enx503eaa96bbf0 up
            sudo systemctl enable xrdp
            sudo systemctl start xrdp

        .. note:: Install XFCE desktop environment and restart xrdp

        .. code-block:: shell

            sudo apt install xfce4 xfce4-goodies -y
            sudo systemctl restart xrdp
            sudo ufw allow 3389/tcp

        .. note:: Install and configure LightDM display manager

        .. code-block:: shell

            sudo apt install lightdm -y
            sudo dpkg-reconfigure lightdm
            sudo systemctl disable gdm3 --now
            sudo systemctl enable lightdm --now

        .. note:: Configure XFCE session startup

        .. code-block:: shell

            echo '#!/bin/sh' > ~/.xsession
            echo '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &' >> ~/.xsession
            echo 'startxfce4' >> ~/.xsession
            chmod 755 ~/.xsession

        .. note:: Update /etc/xrdp/startwm.sh to start XFCE session

        .. code-block:: shell

            # Write the session script non-interactively (same content as editing it with nano)
            sudo tee /etc/xrdp/startwm.sh > /dev/null <<'EOF'
            #!/bin/sh
            unset DBUS_SESSION_BUS_ADDRESS
            unset XDG_RUNTIME_DIR
            exec startxfce4
            EOF
            sudo chmod +x /etc/xrdp/startwm.sh

        * Step-2 : Launch Client (Ubuntu)

        .. note:: Update system, install FreeRDP client and assign client IP

        .. code-block:: shell

            sudo apt update
            sudo apt install freerdp2-x11 -y
            sudo ip addr add 192.168.1.2/24 dev enp1s0
            sudo ip link set enp1s0 up

        .. note:: Connect to server using RDP

        .. code-block:: shell

            # Replace <username> and <password> with the server account credentials
            xfreerdp /v:192.168.1.1 /u:<username> /p:<password>

        * Step-3 : Session Handling

        .. note:: Log out properly from XFCE before closing the client session. If logout fails, manually clear processes.

        .. code-block:: shell

            ps -ef | grep Xorg
            ps -ef | grep xfce
            ps -ef | grep xrdp
            sudo pkill -f Xorg
            sudo pkill -f xfce
            sudo pkill -f xrdp-sesman
            sudo systemctl restart xrdp

        * Expected Results

        1. Client connects to server using **RDP over IPv4** without encryption.
        2. Wireshark shows **RDP traffic on TCP 3389**, unencrypted.
        3. Session stable until logout.

        * Wireshark Capture

        :download:`Download Wireshark capture `

        **Testcase 2: RDP Setup for IPv4 with Security (TLS)**

        * Step-1 : Launch Server (Ubuntu)

        .. note:: Update system and install xrdp

        .. code-block:: shell

            sudo apt update && sudo apt upgrade -y
            sudo apt install xrdp -y

        .. note:: Assign IP address to server interface

        .. code-block:: shell

            sudo ip addr add 192.168.1.1/24 dev enx503eaa96bbf0
            sudo ip link set enx503eaa96bbf0 up
            sudo systemctl enable xrdp
            sudo systemctl start xrdp

        .. note:: Install XFCE desktop and restart xrdp

        .. code-block:: shell

            sudo apt install xfce4 xfce4-goodies -y
            sudo systemctl restart xrdp
            sudo ufw allow 3389/tcp

        .. note:: Install and configure LightDM

        .. code-block:: shell

            sudo apt install lightdm -y
            sudo dpkg-reconfigure lightdm
            sudo systemctl disable gdm3 --now
            sudo systemctl enable lightdm --now

        .. note:: Configure XFCE session startup

        .. code-block:: shell

            echo '#!/bin/sh' > ~/.xsession
            echo '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &' >> ~/.xsession
            echo 'startxfce4' >> ~/.xsession
            chmod 755 ~/.xsession

            # Write the session script non-interactively (same content as editing it with nano)
            sudo tee /etc/xrdp/startwm.sh > /dev/null <<'EOF'
            #!/bin/sh
            unset DBUS_SESSION_BUS_ADDRESS
            unset XDG_RUNTIME_DIR
            exec startxfce4
            EOF
            sudo chmod +x /etc/xrdp/startwm.sh

        .. note:: Generate self-signed TLS certificate

        .. code-block:: shell

            sudo mkdir -p /etc/xrdp/cert
            cd /etc/xrdp/cert
            sudo openssl req -x509 -newkey rsa:4096 -keyout xrdp.key -out xrdp.crt -days 365 -nodes -subj "/CN=$(hostname)"
            sudo chmod 600 xrdp.key

        .. note:: Configure TLS in /etc/xrdp/xrdp.ini

        .. code-block:: text

            [Globals]
            security_layer=tls
            crypt_level=high
            certificate=/etc/xrdp/cert/xrdp.crt
            key_file=/etc/xrdp/cert/xrdp.key

        .. note:: Set ownership and permissions on the certificate files and restart xrdp

        .. code-block:: shell

            sudo chown root:xrdp /etc/xrdp/cert/xrdp.*
            sudo chmod 640 /etc/xrdp/cert/xrdp.*
            sudo usermod -aG xrdp xrdp
            sudo systemctl restart xrdp

        * Step-2 : Launch Client (Ubuntu with FreeRDP from source)

        .. note:: Install build dependencies, clone FreeRDP, and build from source

        .. code-block:: shell

            sudo apt update
            sudo apt install -y git cmake ninja-build build-essential pkg-config \
                libssl-dev libx11-dev libxext-dev libxrandr-dev libxinerama-dev \
                libxkbfile-dev libxi-dev libxrender-dev libxcursor-dev libxtst-dev \
                libxfixes-dev libxkbcommon-dev libxkbcommon-x11-0 libwayland-dev \
                wayland-protocols libpulse-dev libasound2-dev libcups2-dev \
                libavcodec-dev libavutil-dev libswscale-dev libswresample-dev
            git clone https://github.com/FreeRDP/FreeRDP.git
            cd FreeRDP && mkdir build && cd build
            cmake -G Ninja .. -DCMAKE_BUILD_TYPE=Release \
                -DCMAKE_INSTALL_PREFIX=/opt/freerdp-keylog \
                -DWITH_OPENSSL=ON -DWITH_MBEDTLS=OFF -DWITH_X11=ON -DWITH_PULSE=ON
            ninja
            sudo ninja install
            echo '/opt/freerdp-keylog/lib/x86_64-linux-gnu' | sudo tee /etc/ld.so.conf.d/freerdp-keylog.conf
            sudo ldconfig

        .. note:: Prepare secrets file and connect to server using TLS. ``/cert:ignore`` disables certificate validation, which this lab needs for the self-signed certificate; the secrets file holds the TLS session keys, so treat it as sensitive.

        .. code-block:: shell

            KEYS="$HOME/freerdp_tls.keys"
            # Replace <username> and <password> with the server account credentials
            xfreerdp /v:192.168.1.1 /u:<username> /p:<password> /tls:secrets-file:"$KEYS" /cert:ignore

        * Step-3 : Session Handling

        .. note:: Properly log out before closing RDP client; clear processes if logout fails

        .. code-block:: shell

            ps -ef | grep Xorg
            ps -ef | grep xfce
            ps -ef | grep xrdp
            sudo pkill -f Xorg
            sudo pkill -f xfce
            sudo pkill -f xrdp-sesman
            sudo systemctl restart xrdp

        * Expected Results

        1. Client connects securely to the RDP server using TLS.
        2. Wireshark shows TLS handshake and encrypted traffic on TCP 3389.
        3. Secrets file allows decryption in Wireshark.
        * Wireshark Capture

        :download:`Download Wireshark capture `

        * Keys File for Decryption

        :download:`Download Keys file `

.. _RDP_step19:

.. tab-set::

    .. tab-item:: RDP Basic Setup on Ubuntu using IPv6

        **Testcase 1: RDP Setup for IPv6 without Security**

        * Step-1 : Launch Server (Ubuntu)

        .. note:: Update system and install xrdp

        .. code-block:: shell

            sudo apt update && sudo apt upgrade -y
            sudo apt install xrdp -y

        .. note:: Assign IPv6 address to server interface

        .. code-block:: shell

            sudo ip addr add fd12:3456:789a::1/64 dev enx503eaa96bbf0
            sudo ip link set enx503eaa96bbf0 up
            sudo systemctl enable xrdp
            sudo systemctl start xrdp

        .. note:: Install XFCE desktop and restart xrdp

        .. code-block:: shell

            sudo apt install xfce4 xfce4-goodies -y
            sudo systemctl restart xrdp
            sudo ufw allow 3389/tcp

        .. note:: Install and configure LightDM

        .. code-block:: shell

            sudo apt install lightdm -y
            sudo dpkg-reconfigure lightdm
            sudo systemctl disable gdm3 --now
            sudo systemctl enable lightdm --now

        .. note:: Configure XFCE session startup

        .. code-block:: shell

            echo '#!/bin/sh' > ~/.xsession
            echo '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &' >> ~/.xsession
            echo 'startxfce4' >> ~/.xsession
            chmod 755 ~/.xsession

            # Write the session script non-interactively (same content as editing it with nano)
            sudo tee /etc/xrdp/startwm.sh > /dev/null <<'EOF'
            #!/bin/sh
            unset DBUS_SESSION_BUS_ADDRESS
            unset XDG_RUNTIME_DIR
            exec startxfce4
            EOF
            sudo chmod +x /etc/xrdp/startwm.sh

        .. note:: Restart xrdp service after session setup

        .. code-block:: shell

            sudo systemctl restart xrdp

        * Step-2 : Launch Client (Ubuntu)

        .. note:: Update system, install FreeRDP client, and assign client IPv6

        .. code-block:: shell

            sudo apt update
            sudo apt install freerdp2-x11 -y
            sudo ip addr add fd12:3456:789a::2/64 dev enp1s0
            sudo ip link set enp1s0 up

        .. note:: Connect to server using RDP

        .. code-block:: shell

            # Replace <username> and <password> with the server account credentials.
            # The IPv6 literal is bracketed so its colons are not parsed as a port separator.
            xfreerdp '/v:[fd12:3456:789a::1]' /u:<username> /p:<password>

        * Step-3 : Session Handling

        .. note:: Log out properly from XFCE before closing the client session. If logout fails, manually clear processes.

        .. code-block:: shell

            ps -ef | grep Xorg
            ps -ef | grep xfce
            ps -ef | grep xrdp
            sudo pkill -f Xorg
            sudo pkill -f xfce
            sudo pkill -f xrdp-sesman
            sudo systemctl restart xrdp

        * Expected Results

        1. Client connects using **RDP over IPv6** without encryption.
        2. Wireshark shows **RDP traffic on TCP 3389 (IPv6)** unencrypted.
        3. Session remains stable until logout.

        .. image:: RDP/rdp.png
            :width: 800
            :alt: RDP connection setup

        * Wireshark Capture

        :download:`Download Wireshark capture `

        **Testcase 2: RDP Setup for IPv6 with Security (TLS)**

        * Step-1 : Launch Server (Ubuntu)

        .. note:: Update system and install xrdp

        .. code-block:: shell

            sudo apt update && sudo apt upgrade -y
            sudo apt install xrdp -y

        .. note:: Assign IPv6 address to server interface

        .. code-block:: shell

            sudo ip addr add fd12:3456:789a::1/64 dev enx503eaa96bbf0
            sudo ip link set enx503eaa96bbf0 up
            sudo systemctl enable xrdp
            sudo systemctl start xrdp

        .. note:: Install XFCE desktop and restart xrdp

        .. code-block:: shell

            sudo apt install xfce4 xfce4-goodies -y
            sudo systemctl restart xrdp
            sudo ufw allow 3389/tcp

        .. note:: Install and configure LightDM

        .. code-block:: shell

            sudo apt install lightdm -y
            sudo dpkg-reconfigure lightdm
            sudo systemctl disable gdm3 --now
            sudo systemctl enable lightdm --now

        .. note:: Configure XFCE session startup

        .. code-block:: shell

            echo '#!/bin/sh' > ~/.xsession
            echo '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &' >> ~/.xsession
            echo 'startxfce4' >> ~/.xsession
            chmod 755 ~/.xsession

            # Write the session script non-interactively (same content as editing it with nano)
            sudo tee /etc/xrdp/startwm.sh > /dev/null <<'EOF'
            #!/bin/sh
            unset DBUS_SESSION_BUS_ADDRESS
            unset XDG_RUNTIME_DIR
            exec startxfce4
            EOF
            sudo chmod +x /etc/xrdp/startwm.sh

        .. note:: Generate self-signed TLS certificate

        .. code-block:: shell

            sudo mkdir -p /etc/xrdp/cert
            cd /etc/xrdp/cert
            sudo openssl req -x509 -newkey rsa:4096 -keyout xrdp.key -out xrdp.crt -days 365 -nodes -subj "/CN=$(hostname)"
            sudo chmod 600 xrdp.key

        .. note:: Configure TLS in /etc/xrdp/xrdp.ini

        .. code-block:: text

            [Globals]
            security_layer=tls
            crypt_level=high
            certificate=/etc/xrdp/cert/xrdp.crt
            key_file=/etc/xrdp/cert/xrdp.key

        .. note:: Set ownership and permissions on the certificate files and restart xrdp

        .. code-block:: shell

            sudo chown root:xrdp /etc/xrdp/cert/xrdp.*
            sudo chmod 640 /etc/xrdp/cert/xrdp.*
            sudo usermod -aG xrdp xrdp
            sudo systemctl restart xrdp

        * Step-2 : Launch Client (Ubuntu with FreeRDP from source)

        .. note:: Install build dependencies, clone FreeRDP, and build from source

        .. code-block:: shell

            sudo apt update
            sudo apt install -y git cmake ninja-build build-essential pkg-config \
                libssl-dev libx11-dev libxext-dev libxrandr-dev libxinerama-dev \
                libxkbfile-dev libxi-dev libxrender-dev libxcursor-dev libxtst-dev \
                libxfixes-dev libxkbcommon-dev libxkbcommon-x11-0 libwayland-dev \
                wayland-protocols libpulse-dev libasound2-dev libcups2-dev \
                libavcodec-dev libavutil-dev libswscale-dev libswresample-dev
            git clone https://github.com/FreeRDP/FreeRDP.git
            cd FreeRDP && mkdir build && cd build
            cmake -G Ninja .. -DCMAKE_BUILD_TYPE=Release \
                -DCMAKE_INSTALL_PREFIX=/opt/freerdp-keylog \
                -DWITH_OPENSSL=ON -DWITH_MBEDTLS=OFF -DWITH_X11=ON -DWITH_PULSE=ON
            ninja
            sudo ninja install
            echo '/opt/freerdp-keylog/lib/x86_64-linux-gnu' | sudo tee /etc/ld.so.conf.d/freerdp-keylog.conf
            sudo ldconfig

        .. note:: Prepare secrets file and connect to server using TLS. ``/cert:ignore`` disables certificate validation, which this lab needs for the self-signed certificate; the secrets file holds the TLS session keys, so treat it as sensitive.

        .. code-block:: shell

            KEYS="$HOME/freerdp_tls_ipv6.keys"
            # Replace <username> and <password> with the server account credentials.
            # The IPv6 literal is bracketed so its colons are not parsed as a port separator.
            xfreerdp '/v:[fd12:3456:789a::1]' /u:<username> /p:<password> /tls:secrets-file:"$KEYS" /cert:ignore

        * Step-3 : Session Handling

        .. note:: Properly log out before closing RDP client; clear processes if logout fails

        .. code-block:: shell

            ps -ef | grep Xorg
            ps -ef | grep xfce
            ps -ef | grep xrdp
            sudo pkill -f Xorg
            sudo pkill -f xfce
            sudo pkill -f xrdp-sesman
            sudo systemctl restart xrdp

        * Expected Results

        1. Client connects securely using **TLS over IPv6**.
        2. Wireshark shows TLS handshake and encrypted RDP traffic on TCP 3389 (IPv6).
        3. Secrets file allows decryption in Wireshark.
        4. Session remains stable until logout.
        * Wireshark Capture

        :download:`Download Wireshark capture `

        * Keys File for Decryption

        :download:`Download Keys file `

.. _RDP_step6:

.. tab-set::

    .. tab-item:: RDP Protocol Packet Details

        **RDP Negotiation Request**

        .. csv-table::
            :file: ./RDP/RDP_Packetdetails1.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **RDP Negotiation Response**

        .. csv-table::
            :file: ./RDP/RDP_Packetdetails2.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **MCS Connect Initial**

        .. csv-table::
            :file: ./RDP/RDP_Packetdetails3.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **MCS Connect Response**

        .. csv-table::
            :file: ./RDP/RDP_Packetdetails4.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **Client Info PDU**

        .. csv-table::
            :file: ./RDP/RDP_Packetdetails5.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **Control PDU**

        .. csv-table::
            :file: ./RDP/RDP_Packetdetails6.csv
            :widths: 10,20,30,10
            :header-rows: 1

        **Virtual Channel PDU**

        .. csv-table::
            :file: ./RDP/RDP_Packetdetails7.csv
            :widths: 10,20,30,10
            :header-rows: 1

.. _RDP_step7:

.. tab-set::

    .. tab-item:: RDP Usecases

        .. csv-table::
            :file: ./RDP/RDP_Use_Cases.csv
            :widths: 10,20,30
            :header-rows: 1

.. _RDP_step8:

.. tab-set::

    .. tab-item:: RDP Basic Features

        * features

.. _RDP_step17:

.. tab-set::

    .. tab-item:: Reference links

        * Reference links
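
To confirm from a capture which of the setups above a session actually negotiated, the following added example (not part of the original page or its CSV packet tables) decodes the RDP Negotiation Request and Response exchanged at the start of a connection on TCP 3389. The field layout and protocol values are taken from MS-RDPBCGR, and the sample PDUs, including the ``labuser`` cookie, are constructed for the demonstration.

```python
import struct

# Values from MS-RDPBCGR: negotiation structure types and security protocols.
NEG_REQ, NEG_RSP, NEG_FAILURE = 0x01, 0x02, 0x03
X224_CR, X224_CC = 0xE0, 0xD0
PROTOCOLS = {0x1: "TLS", 0x2: "CredSSP", 0x4: "RDSTLS", 0x8: "CredSSP-EX"}
LEGACY = "Standard RDP Security"

def parse_negotiation(pdu: bytes) -> dict:
    """Decode a TPKT-framed X.224 Connection Request or Confirm."""
    if len(pdu) < 11:
        raise ValueError("too short for TPKT + X.224 headers")
    version, _, tpkt_len = struct.unpack(">BBH", pdu[:4])
    code = pdu[5] & 0xF0
    if version != 3 or tpkt_len != len(pdu) or code not in (X224_CR, X224_CC):
        raise ValueError("not a complete X.224 connection PDU")
    body = pdu[11:]  # TPKT (4 bytes) + fixed X.224 header (7 bytes)
    out = {"pdu": "request" if code == X224_CR else "confirm", "cookie": None}
    if body.startswith(b"Cookie:"):  # optional cookie / routing token line
        line, sep, body = body.partition(b"\r\n")
        if not sep:
            raise ValueError("cookie not terminated by CR LF")
        out["cookie"] = line.decode("ascii", "replace")
    if len(body) < 8:  # no negotiation structure: legacy security only
        out.update(protocols=[LEGACY], tls=False)
        return out
    neg_type, _flags, _length, value = struct.unpack("<BBHI", body[:8])
    if neg_type == NEG_FAILURE:
        out.update(protocols=[], tls=False, failure_code=value)
    elif neg_type == NEG_REQ and code == X224_CR:  # bitmask of offered protocols
        offered = [name for bit, name in PROTOCOLS.items() if value & bit]
        out.update(protocols=offered or [LEGACY], tls=None)
    elif neg_type == NEG_RSP and code == X224_CC:  # single selected protocol
        name = PROTOCOLS.get(value, LEGACY if value == 0 else hex(value))
        out.update(protocols=[name], tls=value != 0)  # every non-zero choice runs over TLS
    else:
        raise ValueError("unexpected negotiation structure type")
    return out

def build(code: int, payload: bytes) -> bytes:
    """Construct a sample PDU for the demonstration (not captured traffic)."""
    x224 = bytes([6 + len(payload), code]) + bytes(5) + payload
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

# Constructed samples: a TLS-offering request, a TLS confirm, a legacy confirm.
REQUEST = build(X224_CR, b"Cookie: mstshash=labuser\r\n" + struct.pack("<BBHI", NEG_REQ, 0, 8, 0x1))
CONFIRM_TLS = build(X224_CC, struct.pack("<BBHI", NEG_RSP, 0, 8, 0x1))
CONFIRM_LEGACY = build(X224_CC, b"")

if __name__ == "__main__":
    for sample in (REQUEST, CONFIRM_TLS, CONFIRM_LEGACY):
        print(parse_negotiation(sample))
```

For a real session, pass the payload bytes of the first client and first server TCP segment from the capture; a confirm that reports ``tls: False`` means the server fell back to Standard RDP Security.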