Xymon Mailing List Archive

Working Remote Desktop (3389) bb-services connection check

4 messages in this thread

Chris Wopat · Fri, 08 Jan 2010 12:04:40 -0600
Hello,

This morning a coworker and I did some work to add a "real" remote desktop connection check to Xymon. There are mailing list entries in the past that just connect to 3389 but generally this isn't sufficient. The test is simple, here's what goes into bb-services (the send line may wrap, it should be on one line and there is a space between "Cookie:" and "mstshash"):

[rdp]
port 3389
send "\x03\x00\x00\x1e\x19\xe0\x00\x00\x00\x00\x00Cookie: mstshash=\r\n"
expect "\x03\x00\x00\x0b\x06\xd0"


I'd love it if anyone could test this out and confirm it works for them - we tested on Win2000, WinXP, Win2003, Win2008 and it worked in all cases.

Now the tech details if anyone is curious. We sniffed and analyzed packets using an actual remote desktop client as well as this Nagios test:

	http://troels.arvin.dk/code/nagios/check_x224

There is more after the xd0 in the response packet but that appears to be the "Connection Confirm" response from remote desktop according to that script and to Wireshark. Also the packet length is hard coded in the send and receive above (x19 in send, x0b in receive) but this did not appear to cause any issues.

Please integrate this into the Xymon code if everyone tests it as working!

Thanks,
Chris
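
As an added illustration (not part of the original thread and not Xymon code), the Python below rebuilds the [rdp] send bytes with the TPKT length and X.224 length indicator computed rather than hard-coded, and checks a reply for the Connection Confirm code 0xd0. The function names and the sample reply are constructed for this example.

```python
import socket
import struct

COOKIE = b"Cookie: mstshash=\r\n"   # empty cookie value, as in the send line above
# Constructed sample reply (not a capture): an 11-byte Connection Confirm.
SAMPLE_REPLY = b"\x03\x00\x00\x0b\x06\xd0\x00\x00\x12\x34\x00"

def build_request(cookie=COOKIE):
    """TPKT header + X.224 Connection Request with both lengths computed."""
    x224 = b"\xe0" + b"\x00" * 5 + cookie     # CR code, dst-ref, src-ref, class
    body = bytes([len(x224)]) + x224          # length indicator excludes itself
    return struct.pack(">BBH", 3, 0, len(body) + 4) + body

def parse_confirm(data):
    """Return (ok, reason) for the first bytes a server sends back."""
    if len(data) < 6:
        return False, "short reply (%d bytes)" % len(data)
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    li, code = data[4], data[5]
    if version != 3:
        return False, "not TPKT (first byte 0x%02x)" % version
    if code != 0xD0:
        return False, "X.224 code 0x%02x, expected 0xd0" % code
    if tpkt_len != li + 5:                    # 4-byte TPKT header + LI byte + LI
        return False, "TPKT length %d does not match LI %d" % (tpkt_len, li)
    return True, "Connection Confirm, %d bytes" % tpkt_len

def check_rdp(host, port=3389, timeout=5.0):
    """Live probe: send the request and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request())
        return parse_confirm(s.recv(64))

if __name__ == "__main__":
    print(build_request())
    print(parse_confirm(SAMPLE_REPLY))
    print(parse_confirm(b"SSH-2.0-OpenSSH_8.9\r\n"))
```

A listener on 3389 that is not speaking RDP fails the version or code check, which a plain port-open test would report as up.
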
Josh Luthman · Sat, 9 Jan 2010 01:57:10 -0500
I replaced the rdp in bb-services with your suggestion - not sure if I
should see a difference.  All four rdp services have always been green and
after this change continue to report green.

Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX

"The secret to creativity is knowing how to hide your sources."
--- Albert Einstein

Chris Wopat · Fri, 15 Jan 2010 10:56:50 -0600
On 01/09/2010 12:57 AM, Josh Luthman wrote:
> I replaced the rdp in bb-services with your suggestion - not sure if I
> should see a difference.  All four rdp services have always been green
> and after this change continue to report green.

You already had 'rdp'? Did you add it yourself or did you implement
someone else's solution? I did not see 'rdp' existing in mine which is
why I created this.

--Chris
Josh Luthman · Fri, 15 Jan 2010 13:38:49 -0500
I may have put it in myself.  It's at the bottom, where I would put it.  Not
certain, though.

Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX

"The secret to creativity is knowing how to hide your sources."
--- Albert Einstein

