Is there a way to read RDP Packets?

Discussion in 'Capsa Network Analyzer' started by CKD, Jul 13, 2010.

Thread Status:
Not open for further replies.
  1. CKD

    CKD Registered Member

    Joined:
    Jul 13, 2010
    Posts:
    2
    I'm using Capsa 7


    I'm seeing all kinds of bandwidth usage that is being attributed to one of our Microsoft Terminal servers. Unfortunately, I cannot tell which user is causing the high bandwidth utilization.

    Is this because Capsa cannot open Remote Desktop Protocol (RDP) packets?

    If that is the case, is there a way I can tell more about who is using so much bandwidth on my Terminal Server?
     
  2. Colasoft Support

    Colasoft Support Colasoft Moderator

    Joined:
    Dec 6, 2007
    Posts:
    254
    Dear CKD,

    The Remote Desktop Protocol is supported by Capsa, protocol name: MSRDP.

    I think you are talking about getting the nodes with the traffic statistics of the MSRDP. We can do that:

    1. Run Capsa and click the Packet Filter Settings link to open the Filter dialog.
    2. Click the Add button at the bottom to create an MSRDP filter (figure below).
    [Figure: creater-filter.gif]
    3. Only ACCEPT the MSRDP traffic (figure below).
    [Figure: enable-filter.gif]
    4. Start a capture.

    Then, in the Dashboard tab, the Top IP Total Traffic by Bytes shows, in a graph, the top 5 IP addresses with the most remote desktop traffic. You can easily see who uses the most traffic.

    Also, in the IP Endpoint tab, we can click the Bytes column header to sort the IP addresses by traffic volume in descending order. We can also see which hosts generate the traffic.

    Hope this description helps you. If you have a problem with this, you can also reach me on MSN: samsonchen08#(replaced by @)gmail.com

    Good luck :)
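
The same per-endpoint ranking done outside the GUI, as an added example that is not part of the original thread or Colasoft's code: it reads a classic pcap, keeps only TCP traffic on port 3389 (assumed here to be how RDP is identified; Capsa's own MSRDP matching is not described in the thread), and totals bytes per IP. The addresses, ports and capture are constructed sample data; the terminal server itself ranks first because it is one end of every flow.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

RDP_PORT = 3389  # assumption: RDP is on its default TCP port

def rdp_bytes_by_ip(pcap, port=RDP_PORT):
    """Sum on-the-wire frame bytes per IPv4 endpoint for TCP traffic on `port`."""
    if struct.unpack("<I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled")
    totals, off = Counter(), 24                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack("<II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                             # not IPv4 over Ethernet
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6 or len(frame) < 14 + ihl + 4:
            continue                             # not TCP, or ports cut off
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        if port in (sport, dport):
            for raw in (frame[26:30], frame[30:34]):   # source, destination
                totals[str(IPv4Address(raw))] += orig
    return totals

def top_talkers(pcap, n=5):
    return rdp_bytes_by_ip(pcap).most_common(n)

def _frame(src, dst, sport, dport, payload_len):
    """Constructed Ethernet/IPv4/TCP frame; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + bytes(payload_len)

def sample_pcap():
    """Constructed capture: two RDP clients of 10.0.0.5 plus one SMB flow."""
    frames = [_frame(*f) for f in (
        ("10.0.0.21", "10.0.0.5", 50001, 3389, 100),
        ("10.0.0.5", "10.0.0.21", 3389, 50001, 1200),
        ("10.0.0.22", "10.0.0.5", 50002, 3389, 50),
        ("10.0.0.5", "10.0.0.22", 3389, 50002, 300),
        ("10.0.0.23", "10.0.0.5", 50003, 445, 5000),
    )]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling `top_talkers(sample_pcap())` ranks the constructed endpoints; on a real capture, pass the file's bytes instead.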
     
  3. CKD

    That helps a lot! I can now identify my bandwidth hogs.


    Thank you very much,

    CKD
     
  4. Colasoft Support

    You are welcome :)
     