 | 1 | initial version |
All I can see from the capture files is that the RDP connection is being established. It starts and pivots to using TLSv1.3. Then things get invisible without the session keys. However, from the fact that there's Application Data flowing back and forth I assume there's negotiation between the RDP server and client application. Why that client then gives up I can't really tell from this. Maybe the system log may provide a clue here.
