[hobbit] Working Remote Desktop (3389) bb-services connection check

Josh Luthman josh at imaginenetworksllc.com
Sat Jan 9 07:57:10 CET 2010


I replaced the rdp in bb-services with your suggestion - not sure if I
should see a difference.  All four rdp services have always been green and
after this change continue to report green.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

"The secret to creativity is knowing how to hide your sources."
--- Albert Einstein


On Fri, Jan 8, 2010 at 1:04 PM, Chris Wopat <chrisw at supranet.net> wrote:

> Hello,
>
> This morning a coworker and I did some work to add a "real" remote desktop
> connection check to Xymon. There are mailing list entries in the past that
> just connect to 3389 but generally this isn't sufficient. The test is
> simple, here's what goes into bb-services (the send line may wrap, it should
> be on one line and there is a space between "Cookie:" and "mstshash":
>
> [rdp]
> port 3389
> send "\x03\x00\x00\x1e\x19\xe0\x00\x00\x00\x00\x00Cookie: mstshash=\r\n"
> expect "\x03\x00\x00\x0b\x06\xd0"
>
>
> I'd love it if anyone could test this out and confirm it works for them- we
> tested on Win2000, WinXP, Win2003, Win2008 and it worked in all cases.
>
> Now the tech details if anyone is curious. We sniffed and analyzed packets
> using an actual remote desktop client as well as this Nagios test:
>
>        http://troels.arvin.dk/code/nagios/check_x224
>
> There is more after the xd0 in the response packet but that appears to be
> the "Connection Confirm" response from remote desktop according to that
> script and to Wireshark. Also the packet length is hard coded in the send
> and receive above (x19 in send, x0b in receive) but this did not appear to
> cause any issues.
>
> Please integrate this into the Xymon code if everyone tests it as working!
>
> Thanks,
> Chris
>
> To unsubscribe from the hobbit list, send an e-mail to
> hobbit-unsubscribe at hswn.dk
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20100109/85943f2c/attachment.html>


More information about the Xymon mailing list