diff --git a/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac b/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
index 6a6eebd175..3564fcf213 100644
--- a/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
+++ b/src/analyzer/protocol/rdp/rdpeudp-analyzer.pac
@@ -25,7 +25,7 @@ refine connection RDPEUDP_Conn += {
 function is_rdpeudp2(): bool
 %{
- return ((orig_synex_flags_ & resp_synex_flags_) >= RDPUDP_PROTOCOL_VERSION_3);
+ return orig_synex_flags_ == RDPUDP_PROTOCOL_VERSION_3 && resp_synex_flags_ == RDPUDP_PROTOCOL_VERSION_3;
 %}
 function proc_rdpeudp_syn(is_orig: bool, uFlags: uint16, snSourceAck: uint32, uUdpVer: uint16): bool
diff --git a/src/analyzer/protocol/rdp/rdpeudp-protocol.pac b/src/analyzer/protocol/rdp/rdpeudp-protocol.pac
index 2ca3f922be..fb2cb91efa 100644
--- a/src/analyzer/protocol/rdp/rdpeudp-protocol.pac
+++ b/src/analyzer/protocol/rdp/rdpeudp-protocol.pac
@@ -43,7 +43,7 @@ type RDPEUDP_SYN(pdu: RDPEUDP_PDU, is_orig: bool) = record {
 type RDPUDP_SYNEX_PAYLOAD = record {
 uSynExFlags: uint16;
 uUdpVer: uint16;
- cookieHash: case ((uUdpVer & RDPUDP_PROTOCOL_VERSION_3) > 0) of {
+ cookieHash: case (uUdpVer == RDPUDP_PROTOCOL_VERSION_3) of {
 true -> has_cookie_hash: uint8[32];
 false -> has_no_cookie_hash: empty;
 };
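Review bot: `is_rdpeudp2()` compares members named `orig_synex_flags_` and `resp_synex_flags_` for equality with a version constant, and nothing on the new line says they hold a peer-advertised version rather than a flag word. Their assignment is outside the hunk, so that reading is inferred from the comparison. With strict equality, any other value from either peer, including an unknown or malformed one, silently falls to the other parsing path, and both values come off the wire. I would state that above the return, e.g. `// true only when both peers advertised exactly RDPUDP_PROTOCOL_VERSION_3; every other value, defined or not, takes the non-v2 path`. It may also be worth reporting values outside the defined set, so an operator can spot a flow whose later datagrams could be parsed with the wrong framing.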
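Review bot: The `cookieHash` case in `RDPUDP_SYNEX_PAYLOAD` is selected by `uUdpVer` alone, so 32 bytes are consumed whenever a peer sends the version 3 value, regardless of direction or `uSynExFlags`. As I read MS-RDPEUDP, the hash is present only in the client's SYN, and `uUdpVer` is meaningful only when the version-info-valid bit of `uSynExFlags` is set. If this record also parses the responder's SYN+ACK (its users are outside the hunk), a version 3 reply would have the next 32 bytes read as a hash or be rejected as truncated. In that case the record needs the direction passed in, the way `RDPEUDP_SYN` receives `is_orig`. Otherwise a comment would do: `# cookieHash: 32 bytes, parsed only when uUdpVer is exactly RDPUDP_PROTOCOL_VERSION_3; direction and uSynExFlags are not checked here`.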