Wireshark mailing list archives
Decoding custom application traffic as NTLMSSP
From: mikethomson () tormail org
Date: Sat, 3 Nov 2012 12:28:05 -0000
Hi all, I captured the traffic of a custom windows application that is communicating via WCF TCP (not HTTP). The application uses Windows NTLMSSP authentication. This can quite easily spotted by the packets starting with the "NTLMSSP" string. For now I "decoded" the NTLMSSP handshake manually to extract challenge and response because I was not able to tell wireshark that it should decode that payload as ntlmssp, but that is not very convenient on the long run. Is it possible to tell wireshark to decode certain traffic as ntlmssp? My first try was to choose "Decode as..." but there is no ntlmssp option to choose. thanks in advance, Mike ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Decoding custom application traffic as NTLMSSP mikethomson (Nov 03)
- Re: Decoding custom application traffic as NTLMSSP Bill Meier (Nov 03)
- Re: Decoding custom application traffic as NTLMSSP mikethomson (Nov 06)
- Re: Decoding custom application traffic as NTLMSSP Guy Harris (Nov 03)
- Re: Decoding custom application traffic as NTLMSSP Bill Meier (Nov 03)