|
1
|
# Famatech Remote Administrator - remote desktop for MS Windows
|
|
2
|
# Pattern attributes: ok veryfast fast
|
|
3
|
# Protocol groups: remote_access proprietary
|
|
4
|
# Wiki: http://www.protocolinfo.org/wiki/Radmin
|
|
5
|
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
|
|
6
|
#
|
|
7
|
# This pattern has been verified with Radmin v1.1 and v3.0beta on Win2000/XP
|
|
8
|
# It has only been tested between a single pair of computers.
|
|
9
|
|
|
10
|
# The first packet of every TCP stream appears to be either one of:
|
|
11
|
#
|
|
12
|
# 01 00 00 00 01 00 00 00 08 08
|
|
13
|
# 01 00 00 00 01 00 00 00 1b 1b
|
|
14
|
|
|
15
|
radmin
|
|
16
|
^\x01\x01(\x08\x08|\x1b\x1b)$
|
|
17
|
|