Working Remote Desktop (3389) bb-services connection check

Chris Wopat chrisw at supranet.net
Fri Jan 8 19:04:40 CET 2010


Hello,

This morning a coworker and I did some work to add a "real" remote 
desktop connection check to Xymon. There are mailing list entries in the 
past that just connect to 3389 but generally this isn't sufficient. The 
test is simple, here's what goes into bb-services (the send line may 
wrap, it should be on one line and there is a space between "Cookie:" 
and "mstshash":

[rdp]
port 3389
send "\x03\x00\x00\x1e\x19\xe0\x00\x00\x00\x00\x00Cookie: mstshash=\r\n"
expect "\x03\x00\x00\x0b\x06\xd0"


I'd love it if anyone could test this out and confirm it works for them- 
we tested on Win2000, WinXP, Win2003, Win2008 and it worked in all cases.

Now the tech details if anyone is curious. We sniffed and analyzed 
packets using an actual remote desktop client as well as this Nagios test:

	http://troels.arvin.dk/code/nagios/check_x224

There is more after the xd0 in the response packet but that appears to 
be the "Connection Confirm" response from remote desktop according to 
that script and to Wireshark. Also the packet length is hard coded in 
the send and receive above (x19 in send, x0b in receive) but this did 
not appear to cause any issues.

Please integrate this into the Xymon code if everyone tests it as working!

Thanks,
Chris



More information about the Xymon mailing list