Revision history

initial version

Why is Mikrotik router using DRDA protocol?

Hello, I am seeing a lot of traffic on protocol DRDA between my router (10.10.10.1) and laptop (10.10.10.254)

Any idea what this is? I have searched and cannot find anything, any help would be appreciated

I am using a Mikrotik hEX RB750Gr3 running RouterOS version 6.49.10 (stable)

Here is everything I have found relating to Wireshark and DRDA but I can't find anything from Mikrotik - can someone please confirm if a standard Mikrotik device should be communicating using this protocol or if this likely indicates that my router's software has been compromised?

The other day I also noticed TDS / TDS5 packets going between the router and laptop (but very few, like 1 or 2 at a time very infrequently)

Link1: https://thenetworkguy.typepad.com/nau/2 ... codes.html Here you'll see the Info column usually has info, all of mine are Unknown

Link2: https://gitlab.com/wireshark/wireshark/-/issues/18952 Here again something other than Unknown in the info column.

See screenshot here: https://ibb.co/vxZmj6C

Why is Mikrotik router using DRDA protocol?

Hello, I am seeing a lot of traffic on protocol DRDA between my router (10.10.10.1) and laptop (10.10.10.254)

Any idea what this is? I have searched and cannot find much, all I found is linked at the bottom

I am using a Mikrotik hEX RB750Gr3 running RouterOS version 6.49.10 (stable)

The other day I also noticed TDS / TDS5 packets going between the router and laptop (but very few, like 1 or 2 at a time very infrequently)

Link1: https://thenetworkguy.typepad.com/nau/2009/06/drda-unraveling-the-db2-decodes.html Here you'll see the Info column usually has info, all of mine are Unknown

Link2: https://gitlab.com/wireshark/wireshark/-/issues/18952 Here again something other than Unknown in the info column.

See screenshot here: https://ibb.co/vxZmj6C

UPDATE: Thanks to Chuckc for the helpful posts. I disabled DRDA in the list of enabled protocols and now Wireshark decodes the packets as TCP, so it looks like it was a case of it incorrectly seeing these packets as DRDA.