This article discussed how to set up an environment for decrypting RDP traffic. We extracted the private key from our Windows host acting as the RDP server after ensuring the client did not use any forward secrecy ciphers. Then we quickly captured a pcap of network traffic. We were able to decrypt RDP traffic after the session ended by using the server's private key. When creating signatures to detect RDP vulnerabilities and attacks, this type of environment can be useful to security professionals.

https://www.hackingarticles.in/wireshark-for-pentester-decrypting-rdp-traffic/