Remote Desktop Protocol (RDP) is a multi-channel protocol that allows a user to connect to a networked computer. Clients exist for most versions of Windows (including handheld versions), Linux/Unix, Mac OS X and other modern operating systems. The server listens by default on TCP port 3389. Microsoft refers to the official RDP server software as Terminal Services or Remote Desktop Services. The official client software is referred to as either Remote Desktop Connection (RDC) or Terminal Services Client (TSC). Mac OS X's client is called Apple Remote Desktop (ARD).
I found this for the description for MS-RDP but I can't figure out if thats what I use to classify ARD or not. The ports don't look correct and currently I don't have a way to test the traffic. Any ideas?
You can check whether there is an Application ID signature for a particular application in the Palo Alto Networks Applipedia (http://apps.paloaltonetworks.com/applipedia//).
You can submit a request to have an Application ID signature developed at this URL: http://www.paloaltonetworks.com/researchcenter/submit-an-application/
It appears that ARD falls under the "ms-rdp" application according to Applipedia. If ARD is not being identified by a security policy that has the "ms-rdp" application I recommend the following:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!