5.4.4 Packet Layout in the I/O Data Stream

Because RDP encryption is not used in the presence of an External Security Protocol (section 5.4.5) layer, the security header data (section 5.4.4) is not present in any RDP traffic (except for the Client Info (section 2.2.1.11) and licensing PDUs). All of the RDP traffic which is encrypted by the External Security Protocol is wrapped by headers determined by the protocol specification.

For example, if SSL is used as the External Security Protocol, an encrypted RDP slow-path packet would appear as follows.

Figure 14: Encrypted slow-path packet

A fast-path packet would appear as follows if SSL is the External Security Protocol:

Figure 15: Encrypted fast-path packet

Notice that in both of these cases, the security header data is missing. See sections 2.2.8.1 and 2.2.9.1 for more details on slow and fast-path packet formats.