How to get the IP address and Port info of a RDP client?

L

Lingfei Wang

Hi,I'm trying to find the way to discover the source public IP and port which was used to establish the RDP connection. I tried the following ways:1) Audit log event 4624, only source IP is included, the source port is empty for RDP.2) Terminal services local session manager event 21, only IP info is there.3) WTSQuerySessionInformation() with WTSClientAddress. This IP is reported by the RDP client, the IP address might be not the actual public IP, and there is no port info either.4) I cannot use the "netstat" way to find the correct port info. Think about the following situation, there are tw

Continue reading...
 
Back
Top Bottom