├── README.md
├── captures
    ├── README.md
    ├── rdp-clipboard-various-formats1.pcapng
    ├── rdp-credential-guard-accepted1.pcapng
    ├── rdp-credential-guard-rejected1.pcapng
    ├── rdp-nla-kerberos-auth1.pcapng
    ├── rdp-nla-kerberos-auth2.pcapng
    ├── rdp-nla-ntlm-rejected1.pcapng
    ├── rdp-nla-ntlm-rejected2.pcapng
    ├── rdp-nla-smartcard-auth1.pcapng
    ├── rdp-nla-smartcard-auth2.pcapng
    ├── rdp-no-nla-accepted1.pcapng
    ├── rdp-no-nla-rejected1.pcapng
    ├── rdp-no-nla-smartcard-auth1.pcapng
    ├── rdp-no-tls-accepted1.pcapng
    ├── rdp-rdg-diff-creds-kerberos-password.pcapng
    ├── rdp-rdg-diff-creds-kerberos-smartcard.pcapng
    ├── rdp-rdg-no-kdc-proxy-ntlm-downgrade-failure.pcapng
    ├── rdp-rdg-no-kdc-proxy-ntlm-downgrade-success.pcapng
    ├── rdp-rdg-same-creds-kerberos-password-success1.pcapng
    ├── rdp-rdg-same-creds-kerberos-password-success2.pcapng
    ├── rdp-rdg-same-creds-kerberos-smartcard-success1.pcapng
    ├── rdp-rdg-same-creds-kerberos-smartcard-success2.pcapng
    ├── rdp-restricted-admin-accepted1.pcapng
    ├── rdp-restricted-admin-rejected1.pcapng
    ├── rdp-vmconnect-local-basic-session-mode1.pcapng
    ├── rdp-vmconnect-local-enhanced-session-mode1.pcapng
    ├── rdp-vmconnect-remote-basic-session-mode1.pcapng
    └── rdp-vmconnect-remote-enhanced-session-mode1.pcapng
├── documents
    ├── Devolutions_2025_Decrypting_RDP_Traffic_in_Wireshark.pdf
    ├── Devolutions_2025_Decrypting_RDP_Traffic_in_Wireshark.pptx
    ├── ITSec 2024 - Démystifier l'authentification RDP.pdf
    ├── ITSec 2024 - Démystifier l'authentification RDP.pptx
    ├── ITSec 2025 - Déchiffrement et analyse du trafic RDP dans Wireshark.pdf
    └── ITSec 2025 - Déchiffrement et analyse du trafic RDP dans Wireshark.pptx
└── images
    ├── wireshark_decode_as_tls.png
    ├── wireshark_follow_tcp_stream.png
    ├── wireshark_inject_tls_secrets.png
    ├── wireshark_rdp_dissector_filter.png
    ├── wireshark_tls_dissector_rdp.png
    ├── wireshark_tls_key_log_file.png
    └── wireshark_tpkt_decode_as.png


/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/README.md


--------------------------------------------------------------------------------
/captures/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/README.md


--------------------------------------------------------------------------------
/captures/rdp-clipboard-various-formats1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-clipboard-various-formats1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-credential-guard-accepted1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-credential-guard-accepted1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-credential-guard-rejected1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-credential-guard-rejected1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-nla-kerberos-auth1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-nla-kerberos-auth1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-nla-kerberos-auth2.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-nla-kerberos-auth2.pcapng


--------------------------------------------------------------------------------
/captures/rdp-nla-ntlm-rejected1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-nla-ntlm-rejected1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-nla-ntlm-rejected2.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-nla-ntlm-rejected2.pcapng


--------------------------------------------------------------------------------
/captures/rdp-nla-smartcard-auth1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-nla-smartcard-auth1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-nla-smartcard-auth2.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-nla-smartcard-auth2.pcapng


--------------------------------------------------------------------------------
/captures/rdp-no-nla-accepted1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-no-nla-accepted1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-no-nla-rejected1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-no-nla-rejected1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-no-nla-smartcard-auth1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-no-nla-smartcard-auth1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-no-tls-accepted1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-no-tls-accepted1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-rdg-diff-creds-kerberos-password.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-rdg-diff-creds-kerberos-password.pcapng


--------------------------------------------------------------------------------
/captures/rdp-rdg-diff-creds-kerberos-smartcard.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-rdg-diff-creds-kerberos-smartcard.pcapng


--------------------------------------------------------------------------------
/captures/rdp-rdg-no-kdc-proxy-ntlm-downgrade-failure.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-rdg-no-kdc-proxy-ntlm-downgrade-failure.pcapng


--------------------------------------------------------------------------------
/captures/rdp-rdg-no-kdc-proxy-ntlm-downgrade-success.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-rdg-no-kdc-proxy-ntlm-downgrade-success.pcapng


--------------------------------------------------------------------------------
/captures/rdp-rdg-same-creds-kerberos-password-success1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-rdg-same-creds-kerberos-password-success1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-rdg-same-creds-kerberos-password-success2.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-rdg-same-creds-kerberos-password-success2.pcapng


--------------------------------------------------------------------------------
/captures/rdp-rdg-same-creds-kerberos-smartcard-success1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-rdg-same-creds-kerberos-smartcard-success1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-rdg-same-creds-kerberos-smartcard-success2.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-rdg-same-creds-kerberos-smartcard-success2.pcapng


--------------------------------------------------------------------------------
/captures/rdp-restricted-admin-accepted1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-restricted-admin-accepted1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-restricted-admin-rejected1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-restricted-admin-rejected1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-vmconnect-local-basic-session-mode1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-vmconnect-local-basic-session-mode1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-vmconnect-local-enhanced-session-mode1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-vmconnect-local-enhanced-session-mode1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-vmconnect-remote-basic-session-mode1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-vmconnect-remote-basic-session-mode1.pcapng


--------------------------------------------------------------------------------
/captures/rdp-vmconnect-remote-enhanced-session-mode1.pcapng:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/captures/rdp-vmconnect-remote-enhanced-session-mode1.pcapng


--------------------------------------------------------------------------------
/documents/Devolutions_2025_Decrypting_RDP_Traffic_in_Wireshark.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/documents/Devolutions_2025_Decrypting_RDP_Traffic_in_Wireshark.pdf


--------------------------------------------------------------------------------
/documents/Devolutions_2025_Decrypting_RDP_Traffic_in_Wireshark.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/documents/Devolutions_2025_Decrypting_RDP_Traffic_in_Wireshark.pptx


--------------------------------------------------------------------------------
/documents/ITSec 2024 - Démystifier l'authentification RDP.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/documents/ITSec 2024 - Démystifier l'authentification RDP.pdf


--------------------------------------------------------------------------------
/documents/ITSec 2024 - Démystifier l'authentification RDP.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/documents/ITSec 2024 - Démystifier l'authentification RDP.pptx


--------------------------------------------------------------------------------
/documents/ITSec 2025 - Déchiffrement et analyse du trafic RDP dans Wireshark.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/documents/ITSec 2025 - Déchiffrement et analyse du trafic RDP dans Wireshark.pdf


--------------------------------------------------------------------------------
/documents/ITSec 2025 - Déchiffrement et analyse du trafic RDP dans Wireshark.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/documents/ITSec 2025 - Déchiffrement et analyse du trafic RDP dans Wireshark.pptx


--------------------------------------------------------------------------------
/images/wireshark_decode_as_tls.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/images/wireshark_decode_as_tls.png


--------------------------------------------------------------------------------
/images/wireshark_follow_tcp_stream.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/images/wireshark_follow_tcp_stream.png


--------------------------------------------------------------------------------
/images/wireshark_inject_tls_secrets.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/images/wireshark_inject_tls_secrets.png


--------------------------------------------------------------------------------
/images/wireshark_rdp_dissector_filter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/images/wireshark_rdp_dissector_filter.png


--------------------------------------------------------------------------------
/images/wireshark_tls_dissector_rdp.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/images/wireshark_tls_dissector_rdp.png


--------------------------------------------------------------------------------
/images/wireshark_tls_key_log_file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/images/wireshark_tls_key_log_file.png


--------------------------------------------------------------------------------
/images/wireshark_tpkt_decode_as.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/awakecoding/wireshark-rdp/HEAD/images/wireshark_tpkt_decode_as.png


--------------------------------------------------------------------------------