Wireshark-users: Re: [Wireshark-users] Who needs a new protocol disector built? I want to help!
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Wed, 4 May 2011 10:53:47 -0600
On Wed, May 04, 2011 at 12:38:31PM -0400, Ronald Erdman wrote:

> Or, if anyone knows of any that are fairly common but not supported 
> already, any suggestions would be greatly appreciated!

It would be great to have a full RDP dissector in Wireshark (or at least 
one for the unencrypted portions of the protocol).  Here are notes on it 
including specifications at the bottom: http://wiki.wireshark.org/RDP