kend
May 07, 2014

iRule to Capture Packet Information for RDP

We have customers that attach to our servers using the RDP desktop client. Currently, each customer connects using their specific URL in the RDP client. Each customer URL is assigned a public IP. We are trying to use one public IP that resolves to multiple customer URLs so that we don't have to waste a public IP for each one. But, I need some way to have the virtual server determine what pool they should be sent to. I know RDP sends a cookie that is limited to 9 characters that can be parsed from the TCP payload. And, I have seen the iRules that people are using to accomplish that. But, that information is not useful for our environment. So, I ran a Wireshark capture on a customer connecting using the RDP client and I see a packet that contains the URL they are connecting with. Here is what the packet looks like from Wireshark.

23 11.063706000 x.x.x.x y.y.y.y TPKT 226 Continuation

And, it contains the following.

0000 16 78 03 00 a7 01 67 00 a3 03 03 53 6a 5d 90 3a ...........rtf.:
0010 9a 64 24 1e 5c 0f 4d b1 4e 14 9b ww 47 15 2b 84 .g$..M.N...G.+.
0020 33 a8 54 f5 95 2b 59 8f 83 27 3e 00 00 2a 00 3c ..Q..+Y..'>..*.<
0030 00 54 00 3d 00 35 00 05 00 57 c0 27 c0 13 c0 14 ./.=.5.....'....
0040 c0 44 c0 55 c0 2c c0 24 c0 09 c0 0a 00 40 00 32 .+..,.!.....@.8
0050 00 6a 00 38 00 13 89 89 01 00 00 50 ee 01 00 01 .j.3.......P....
0060 00 00 00 00 1a 00 ty 00 00 15 70 63 73 2e 61 70 ..........pcs.co
0070 70 6c 69 65 64 6f 6e 6c 69 90 65 2e 6e 65 74 00 mpany.net.......
0080 05 00 05 01 00 00 00 00 00 0a 00 06 00 04 00 17 ................
0090 00 18 00 0b 00 02 01 00 00 0d 00 10 00 0e 04 01 ................
00a0 00 01 23 01 04 03 05 03 00 03 02 11 ............

Can the F5 LTM collect this packet and is there a way I can parse the "pcs.company.net" portion of this packet using an iRule?
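The parsing asked about above, as an added example that is not from this thread: the dump has the layout of a TLS record carrying a ClientHello (content type 0x16, handshake type 0x01, and at offset 0x60 a 0x0000 server_name extension holding the name), so the name can be read out of a collected TCP payload the same way an iRule would with binary scan. This Python (an assumption: the iRule logic would mirror it) skips the leading TPKT/X.224 connection request and returns the SNI only once a complete ClientHello is present, returning None for the first packet alone, which is the sequencing point raised in the first reply. The sample bytes are constructed and `pcs.example.net` is a placeholder name.

```python
import struct

TPKT_VERSION, TLS_HANDSHAKE, CLIENT_HELLO, EXT_SERVER_NAME = 0x03, 0x16, 0x01, 0x0000


def extract_sni(buf: bytes) -> "str | None":
    # Skip TPKT records (X.224 CR), return the SNI of the first complete ClientHello, else None.
    pos = 0
    while pos + 5 <= len(buf):
        if buf[pos] == TPKT_VERSION:                 # TPKT: ver, reserved, len16
            pos += max(4, struct.unpack_from(">H", buf, pos + 2)[0])
            continue
        if buf[pos] != TLS_HANDSHAKE:
            return None                              # not a handshake record
        rec_len = struct.unpack_from(">H", buf, pos + 3)[0]
        rec = buf[pos + 5:pos + 5 + rec_len]
        if len(rec) < rec_len:
            return None                              # record still partial, keep collecting
        if rec[0] == CLIENT_HELLO:
            return _sni_from_hello(rec[4:])          # skip type + 24-bit length
        pos += 5 + rec_len
    return None


def _sni_from_hello(b: bytes) -> "str | None":
    try:
        p = 2 + 32                                   # client_version + random
        p += 1 + b[p]                                # session_id
        p += 2 + struct.unpack_from(">H", b, p)[0]   # cipher_suites
        p += 1 + b[p]                                # compression_methods
        end = p + 2 + struct.unpack_from(">H", b, p)[0]
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from(">HH", b, p)
            if ext_type == EXT_SERVER_NAME:          # list_len(2) name_type(1) name_len(2) name
                name_len = struct.unpack_from(">H", b, p + 7)[0]
                return b[p + 9:p + 9 + name_len].decode("ascii")
            p += 4 + ext_len
    except (IndexError, struct.error):
        pass                                         # truncated or malformed hello
    return None


def build_client_hello(name: str) -> bytes:
    # Constructed sample: minimal TLS 1.2 ClientHello (zero random, one suite) with an SNI.
    sni = b"\x00" + struct.pack(">H", len(name)) + name.encode()
    ext = struct.pack(">HHH", EXT_SERVER_NAME, len(sni) + 2, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\xc0\x2f\x01\x00"
    body += struct.pack(">H", len(ext)) + ext
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([TLS_HANDSHAKE, 3, 1]) + struct.pack(">H", len(hs)) + hs


X224_CONNECTION_REQUEST = bytes.fromhex("0300000b06e00000000000")  # constructed: TPKT + X.224 CR
```

Calling `extract_sni(X224_CONNECTION_REQUEST)` yields None, while `extract_sni(X224_CONNECTION_REQUEST + build_client_hello("pcs.example.net"))` yields the name, so a pool decision can only be made after the second record has been collected.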


2 Replies

  • I don't know that you can do this. In my Wireshark testing, RDP session initiation starts with a TPDU packet (which may or may not contain the mstshash cookie), and the server name doesn't show up until the next continuation packet. I think you'd necessarily need to get the server name in the first packet to be able to direct the traffic. Not saying it's impossible, just highly unintuitive.


    One other possible approach would be to use the RDP client functionality in APM. It solves your original requirement of using a single IP address for all RDP traffic, plus can provide single sign-on, links to RDP resources (potentially based on rights), links to other resources (Citrix, View, web, etc.), session tracking and management, and is pretty darn easy to configure and use. Just a thought.


  • If the client submits the information in the initial connection, this is possible. But unless your connections are controlled (thin clients or thick client app guiding the RDP session) this wouldn't be reliable.