RDP - Remote Desktop Protocol
What is RDP?
RDP (Remote Desktop Protocol) is a proprietary protocol developed by Microsoft that allows users to remotely connect to and control another computer over a network connection with a graphical interface.
Why is RDP useful?
RDP is useful for remote administration, technical support, remote work, and virtual desktop access. It enables users to interact with a full desktop environment from virtually anywhere.
How it works?
RDP transmits screen updates, keystrokes, and mouse movements between the remote client and the host system. It compresses and encrypts the data for secure communication and supports features like audio redirection, printer sharing, and clipboard sync.
Where is RDP used?
RDP is widely used in enterprise IT environments, data centers, and by end users for remote access to workstations and servers. It is also commonly used by system administrators for managing Windows-based systems remotely.
Which OSI layer does this protocol belong to?
RDP operates primarily at the Application Layer (Layer 7) of the OSI model, but it relies on the Transport Layer (Layer 4) for communication using TCP or UDP.
Is RDP Windows specific?
RDP is developed by Microsoft and built into Windows operating systems. While the RDP server is native to Windows, clients are available for other platforms like macOS, Linux, iOS, and Android.
Is RDP Linux specific?
No, RDP is not Linux specific. However, Linux systems can use RDP clients (e.g., Remmina, FreeRDP, rdesktop) to connect to RDP servers. RDP servers for Linux also exist, such as xrdp.
Which Transport Protocol is used by RDP?
RDP uses TCP as the primary transport protocol. Newer versions also support UDP for better performance, especially in high-latency or lossy networks.
Which Port is used by RDP?
By default, RDP uses TCP port 3389. In some configurations, UDP port 3389 is also used for enhanced performance.
Is RDP using Client server model?
Yes, RDP follows a client-server model, where the client (remote device) connects to the server (host machine) to access and control its desktop environment.
In this section, you are going to learn
Terminology
Version Info
Version & RFC Details |
|||
|---|---|---|---|
RDP Version |
Spec/Version |
Year |
Core Idea / Contribution |
Remote Desktop Protocol (RDP) |
|||
MS-RDPBCGR |
2007-2025 |
Defines RDP core protocol: connectivity, graphics remoting, input handling. Continuously updated. |
|
Remote Desktop Services Overview |
|||
MS-RDSOD |
2007-2025 |
Overview of all RDP-related protocols including redirection, licensing, and session management. |
|
RemoteFX Extensions |
|||
MS-RDPEV, MS-RDPEGFX, etc. |
2010 |
Extensions for multimedia, graphics acceleration, and USB redirection. |
|
RDP Protocol Versions |
|||
MS-RDPBCGR v1.0-61.0 |
2007-2025 |
Major revisions published regularly. Latest version: 61.0 (April 2025). |
Testcase 1: RDP Setup for IPv4 without Security
Step-1 : Launch Server (Ubuntu)
Note
Update system and install xrdp
sudo apt update && sudo apt upgrade -y sudo apt install xrdp -yNote
Assign IP address to server interface
sudo ip addr add 192.168.1.1/24 dev enx503eaa96bbf0 sudo ip link set enx503eaa96bbf0 up sudo systemctl enable xrdp sudo systemctl start xrdpNote
Install XFCE desktop environment and restart xrdp
sudo apt install xfce4 xfce4-goodies -y sudo systemctl restart xrdp sudo ufw allow 3389/tcpNote
Install and configure LightDM display manager
sudo apt install lightdm -y sudo dpkg-reconfigure lightdm sudo systemctl disable gdm3 --now sudo systemctl enable lightdm --nowNote
Configure XFCE session startup
echo '#!/bin/sh' > ~/.xsession echo '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &' >> ~/.xsession echo 'startxfce4' >> ~/.xsession chmod 755 ~/.xsessionNote
Update /etc/xrdp/startwm.sh to start XFCE session
sudo nano /etc/xrdp/startwm.sh #!/bin/sh unset DBUS_SESSION_BUS_ADDRESS unset XDG_RUNTIME_DIR exec startxfce4 sudo chmod +x /etc/xrdp/startwm.shStep-2 : Launch Client (Ubuntu)
Note
Update system, install FreeRDP client and assign client IP
sudo apt update sudo apt install freerdp2-x11 -y sudo ip addr add 192.168.1.2/24 dev enp1s0 sudo ip link set enp1s0 upNote
Connect to server using RDP
xfreerdp /v:192.168.1.1 /u:<USERNAME> /p:<PASSWORD>Step-3 : Session Handling
Note
Logout properly from XFCE before closing client session If logout fails, manually clear processes
ps -ef | grep Xorg ps -ef | grep xfce ps -ef | grep xrdp sudo pkill -f Xorg sudo pkill -f xfce sudo pkill -f xrdp-sesman sudo systemctl restart xrdpExpected Results
Client connects to server using RDP over IPv4 without encryption.
Wireshark shows RDP traffic on TCP 3389, unencrypted.
Session stable until logout.
Wireshark Capture
Testcase 2: RDP Setup for IPv4 with Security (TLS)
Step-1 : Launch Server (Ubuntu)
Note
Update system and install xrdp
sudo apt update && sudo apt upgrade -y sudo apt install xrdp -yNote
Assign IP address to server interface
sudo ip addr add 192.168.1.1/24 dev enx503eaa96bbf0 sudo ip link set enx503eaa96bbf0 up sudo systemctl enable xrdp sudo systemctl start xrdpNote
Install XFCE desktop and restart xrdp
sudo apt install xfce4 xfce4-goodies -y sudo systemctl restart xrdp sudo ufw allow 3389/tcpNote
Install and configure LightDM
sudo apt install lightdm -y sudo dpkg-reconfigure lightdm sudo systemctl disable gdm3 --now sudo systemctl enable lightdm --nowNote
Configure XFCE session startup
echo '#!/bin/sh' > ~/.xsession echo '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &' >> ~/.xsession echo 'startxfce4' >> ~/.xsession chmod 755 ~/.xsession sudo nano /etc/xrdp/startwm.sh #!/bin/sh unset DBUS_SESSION_BUS_ADDRESS unset XDG_RUNTIME_DIR exec startxfce4 sudo chmod +x /etc/xrdp/startwm.shNote
Generate self-signed TLS certificate
sudo mkdir -p /etc/xrdp/cert cd /etc/xrdp/cert sudo openssl req -x509 -newkey rsa:4096 -keyout xrdp.key -out xrdp.crt -days 365 -nodes -subj "/CN=$(hostname)" sudo chmod 600 xrdp.keyNote
Configure TLS in /etc/xrdp/xrdp.ini
[Globals] security_layer=tls crypt_level=high certificate=/etc/xrdp/cert/xrdp.crt key_file=/etc/xrdp/cert/xrdp.key sudo chown root:xrdp /etc/xrdp/cert/xrdp.* sudo chmod 640 /etc/xrdp/cert/xrdp.* sudo usermod -aG xrdp xrdp sudo systemctl restart xrdpStep-2 : Launch Client (Ubuntu with FreeRDP from source)
Note
Install build dependencies, clone FreeRDP, and build from source
sudo apt update sudo apt install -y git cmake ninja-build build-essential pkg-config \ libssl-dev libx11-dev libxext-dev libxrandr-dev libxinerama-dev \ libxkbfile-dev libxi-dev libxrender-dev libxcursor-dev libxtst-dev \ libxfixes-dev libxkbcommon-dev libxkbcommon-x11-0 libwayland-dev \ wayland-protocols libpulse-dev libasound2-dev libcups2-dev \ libavcodec-dev libavutil-dev libswscale-dev libswresample-dev git clone https://github.com/FreeRDP/FreeRDP.git cd FreeRDP && mkdir build && cd build cmake -G Ninja .. -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_INSTALL_PREFIX=/opt/freerdp-keylog \ -DWITH_OPENSSL=ON -DWITH_MBEDTLS=OFF -DWITH_X11=ON -DWITH_PULSE=ON ninja sudo ninja install echo '/opt/freerdp-keylog/lib/x86_64-linux-gnu' | sudo tee /etc/ld.so.conf.d/freerdp-keylog.conf sudo ldconfigNote
Prepare secrets file and connect to server using TLS
KEYS="$HOME/freerdp_tls.keys" xfreerdp /v:192.168.1.1 /u:<USERNAME> /p:<PASSWORD> /tls:secrets-file:"$KEYS" /cert:ignoreStep-3 : Session Handling
Note
Properly log out before closing RDP client; clear processes if logout fails
ps -ef | grep Xorg ps -ef | grep xfce ps -ef | grep xrdp sudo pkill -f Xorg sudo pkill -f xfce sudo pkill -f xrdp-sesman sudo systemctl restart xrdpExpected Results
Client connects securely to the RDP server using TLS.
Wireshark shows TLS handshake and encrypted traffic on TCP 3389.
Secrets file allows decryption in Wireshark.
Wireshark Capture
Keys File for Decryption
Testcase 1: RDP Setup for IPv6 without Security
Step-1 : Launch Server (Ubuntu)
Note
Update system and install xrdp
sudo apt update && sudo apt upgrade -y sudo apt install xrdp -yNote
Assign IPv6 address to server interface
sudo ip addr add fd12:3456:789a::1/64 dev enx503eaa96bbf0 sudo ip link set enx503eaa96bbf0 up sudo systemctl enable xrdp sudo systemctl start xrdpNote
Install XFCE desktop and restart xrdp
sudo apt install xfce4 xfce4-goodies -y sudo systemctl restart xrdp sudo ufw allow 3389/tcpNote
Install and configure LightDM
sudo apt install lightdm -y sudo dpkg-reconfigure lightdm sudo systemctl disable gdm3 --now sudo systemctl enable lightdm --nowNote
Configure XFCE session startup
echo '#!/bin/sh' > ~/.xsession echo '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &' >> ~/.xsession echo 'startxfce4' >> ~/.xsession chmod 755 ~/.xsession sudo nano /etc/xrdp/startwm.sh #!/bin/sh unset DBUS_SESSION_BUS_ADDRESS unset XDG_RUNTIME_DIR exec startxfce4 sudo chmod +x /etc/xrdp/startwm.shNote
Restart xrdp service after session setup
sudo systemctl restart xrdpStep-2 : Launch Client (Ubuntu)
Note
Update system, install FreeRDP client, and assign client IPv6
sudo apt update sudo apt install freerdp2-x11 -y sudo ip addr add fd12:3456:789a::2/64 dev enp1s0 sudo ip link set enp1s0 upNote
Connect to server using RDP
xfreerdp /v:fd12:3456:789a::1 /u:<USERNAME> /p:<PASSWORD>Step-3 : Session Handling
Note
Logout properly from XFCE before closing client session. If logout fails, manually clear processes.
ps -ef | grep Xorg ps -ef | grep xfce ps -ef | grep xrdp sudo pkill -f Xorg sudo pkill -f xfce sudo pkill -f xrdp-sesman sudo systemctl restart xrdpExpected Results
Client connects using RDP over IPv6 without encryption.
Wireshark shows RDP traffic on TCP 3389 (IPv6) unencrypted.
Session remains stable until logout.
Wireshark Capture
Testcase 2: RDP Setup for IPv6 with Security (TLS)
Step-1 : Launch Server (Ubuntu)
Note
Update system and install xrdp
sudo apt update && sudo apt upgrade -y sudo apt install xrdp -yNote
Assign IPv6 address to server interface
sudo ip addr add fd12:3456:789a::1/64 dev enx503eaa96bbf0 sudo ip link set enx503eaa96bbf0 up sudo systemctl enable xrdp sudo systemctl start xrdpNote
Install XFCE desktop and restart xrdp
sudo apt install xfce4 xfce4-goodies -y sudo systemctl restart xrdp sudo ufw allow 3389/tcpNote
Install and configure LightDM
sudo apt install lightdm -y sudo dpkg-reconfigure lightdm sudo systemctl disable gdm3 --now sudo systemctl enable lightdm --nowNote
Configure XFCE session startup
echo '#!/bin/sh' > ~/.xsession echo '/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1 &' >> ~/.xsession echo 'startxfce4' >> ~/.xsession chmod 755 ~/.xsession sudo nano /etc/xrdp/startwm.sh #!/bin/sh unset DBUS_SESSION_BUS_ADDRESS unset XDG_RUNTIME_DIR exec startxfce4 sudo chmod +x /etc/xrdp/startwm.shNote
Generate self-signed TLS certificate
sudo mkdir -p /etc/xrdp/cert cd /etc/xrdp/cert sudo openssl req -x509 -newkey rsa:4096 -keyout xrdp.key -out xrdp.crt -days 365 -nodes -subj "/CN=$(hostname)" sudo chmod 600 xrdp.keyNote
Configure TLS in /etc/xrdp/xrdp.ini
[Globals] security_layer=tls crypt_level=high certificate=/etc/xrdp/cert/xrdp.crt key_file=/etc/xrdp/cert/xrdp.key sudo chown root:xrdp /etc/xrdp/cert/xrdp.* sudo chmod 640 /etc/xrdp/cert/xrdp.* sudo usermod -aG xrdp xrdp sudo systemctl restart xrdpStep-2 : Launch Client (Ubuntu with FreeRDP from source)
Note
Install build dependencies, clone FreeRDP, and build from source
sudo apt update sudo apt install -y git cmake ninja-build build-essential pkg-config \ libssl-dev libx11-dev libxext-dev libxrandr-dev libxinerama-dev \ libxkbfile-dev libxi-dev libxrender-dev libxcursor-dev libxtst-dev \ libxfixes-dev libxkbcommon-dev libxkbcommon-x11-0 libwayland-dev \ wayland-protocols libpulse-dev libasound2-dev libcups2-dev \ libavcodec-dev libavutil-dev libswscale-dev libswresample-dev git clone https://github.com/FreeRDP/FreeRDP.git cd FreeRDP && mkdir build && cd build cmake -G Ninja .. -DCMAKE_BUILD_TYPE=Release \ -DCMAKE_INSTALL_PREFIX=/opt/freerdp-keylog \ -DWITH_OPENSSL=ON -DWITH_MBEDTLS=OFF -DWITH_X11=ON -DWITH_PULSE=ON ninja sudo ninja install echo '/opt/freerdp-keylog/lib/x86_64-linux-gnu' | sudo tee /etc/ld.so.conf.d/freerdp-keylog.conf sudo ldconfigNote
Prepare secrets file and connect to server using TLS
KEYS="$HOME/freerdp_tls_ipv6.keys" xfreerdp /v:fd12:3456:789a::1 /u:<USERNAME> /p:<PASSWORD> /tls:secrets-file:"$KEYS" /cert:ignoreStep-3 : Session Handling
Note
Properly log out before closing RDP client; clear processes if logout fails
ps -ef | grep Xorg ps -ef | grep xfce ps -ef | grep xrdp sudo pkill -f Xorg sudo pkill -f xfce sudo pkill -f xrdp-sesman sudo systemctl restart xrdpExpected Results
Client connects securely using TLS over IPv6.
Wireshark shows TLS handshake and encrypted RDP traffic on TCP 3389 (IPv6).
Secrets file allows decryption in Wireshark.
Session remains stable until logout.
Wireshark Capture
Keys File for Decryption
RDP Negotiation Request
Protocol Packet Details |
|||
|---|---|---|---|
S.No |
Protocol Packets |
Description |
Size(bytes) |
1 |
RDP Negotiation Request |
Sent from client to server |
|
Type |
Set to 0x01 for negotiation request |
1 |
|
Flags |
Security flags (e.g., TLS, CredSSP) |
1 |
|
Length |
Total length of the request |
2 |
|
Requested Protocols |
Bitmask of supported security protocols |
4 |
RDP Negotiation Response
Protocol Packet Details |
|||
|---|---|---|---|
S.No |
Protocol Packets |
Description |
Size(bytes) |
2 |
RDP Negotiation Response |
Sent from server to client |
|
Type |
Set to 0x02 for negotiation response |
1 |
|
Flags |
Security flags |
1 |
|
Length |
Total length of the response |
2 |
|
Selected Protocol |
Protocol chosen by the server |
4 |
MCS Connect Initial
Protocol Packet Details |
|||
|---|---|---|---|
S.No |
Protocol Packets |
Description |
Size(bytes) |
3 |
MCS Connect Initial |
Part of T.125 layer, includes GCC block |
|
Calling Domain Selector |
Identifier for client domain |
variable |
|
Called Domain Selector |
Identifier for server domain |
variable |
|
Upward Flag |
Indicates upward connection |
1 |
|
Target Parameters |
Domain/channel parameters |
variable |
|
Minimum Channels |
Minimum number of channels supported |
2 |
|
Maximum Channels |
Maximum number of channels supported |
2 |
|
GCC Block |
Contains client core, security, network data |
variable |
MCS Connect Response
Protocol Packet Details |
|||
|---|---|---|---|
S.No |
Protocol Packets |
Description |
Size(bytes) |
4 |
MCS Connect Response |
Server replies with its capabilities |
|
Result |
Connection result code |
1 |
|
Called Connect ID |
Server-assigned connection ID |
2 |
|
Domain Parameters |
Server domain/channel parameters |
variable |
|
GCC Block |
Contains server core, security, network data |
variable |
Client Info PDU
Protocol Packet Details |
|||
|---|---|---|---|
S.No |
Protocol Packets |
Description |
Size(bytes) |
5 |
Client Info PDU |
Sent after security exchange |
|
Code Page |
Character encoding used |
4 |
|
Flags |
Session flags |
4 |
|
Domain Length |
Length of domain string |
2 |
|
Username Length |
Length of username string |
2 |
|
Password Length |
Length of password string |
2 |
|
Alternate Shell Length |
Length of shell string |
2 |
|
Working Dir Length |
Length of working directory string |
2 |
|
Unicode Strings |
Actual strings (domain, username, etc.) |
variable |
Control PDU
Protocol Packet Details |
|||
|---|---|---|---|
S.No |
Protocol Packets |
Description |
Size(bytes) |
6 |
Control PDU |
Used for session control actions |
|
Action |
Control action (e.g., Request Control) |
4 |
|
User ID |
Identifier of the user |
2 |
|
Padding |
Reserved, must be zero |
6 |
Virtual Channel PDU
Protocol Packet Details |
|||
|---|---|---|---|
S.No |
Protocol Packets |
Description |
Size(bytes) |
7 |
Virtual Channel PDU |
Used for clipboard, audio, printer redirection |
|
Channel ID |
Identifier of the virtual channel |
2 |
|
Length |
Length of the data |
2 |
|
Flags |
Compression and priority flags |
2 |
|
Data |
Actual payload |
variable |
RDP - Use Cases |
||
|---|---|---|
S.No |
Use Case |
Description |
1 |
Remote Desktop Access |
Allows users to connect to and control a remote computer as if they were physically present. |
2 |
Remote Administration |
IT administrators use RDP to manage servers and workstations remotely. |
3 |
Helpdesk and Support |
Support teams use RDP to troubleshoot and resolve user issues remotely. |
4 |
Virtual Desktop Infrastructure (VDI) |
RDP is used to deliver virtual desktops to users from centralized servers. |
5 |
Secure Remote Work |
Enables employees to work from home securely by accessing corporate desktops. |
6 |
Application Virtualization |
Specific applications can be run remotely and displayed locally using RDP. |
7 |
Multi-Monitor Support |
RDP supports multiple monitors, enhancing productivity for remote users. |
8 |
Clipboard and File Redirection |
Allows copy-paste and file transfer between local and remote systems. |
9 |
Printer and Audio Redirection |
Redirects local printers and audio devices to the remote session. |
10 |
Session Reconnection |
Supports automatic reconnection to interrupted sessions. |
11 |
Bandwidth Optimization |
Uses compression and caching to optimize performance over slow networks. |
12 |
Remote App Publishing |
Allows publishing of individual apps instead of full desktops. |
13 |
Smart Card Authentication |
Supports smart card login for secure authentication. |
14 |
Load Balancing and Gateway Access |
Works with RD Gateway and Connection Broker for scalable deployments. |
features
Reference links