Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Display Filter Reference: Microsoft Local Security Architecture

Protocol field name: lsa

Versions: 1.0.0 to 1.0.16

Back to Display Filter Reference

Field name Description Type Versions
lsa.access_maskAccess MaskUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.access_mask.audit_log_adminAdminister audit log attributesBoolean1.0.0 to 1.0.16
lsa.access_mask.create_accountCreate special accounts (for assignment of user rights)Boolean1.0.0 to 1.0.16
lsa.access_mask.create_privCreate a privilegeBoolean1.0.0 to 1.0.16
lsa.access_mask.create_secretCreate a secret objectBoolean1.0.0 to 1.0.16
lsa.access_mask.get_privateinfoGet sensitive policy informationBoolean1.0.0 to 1.0.16
lsa.access_mask.lookup_namesLookup Names/SIDsBoolean1.0.0 to 1.0.16
lsa.access_mask.server_adminEnable/Disable LSABoolean1.0.0 to 1.0.16
lsa.access_mask.set_audit_requirementsChange system audit requirementsBoolean1.0.0 to 1.0.16
lsa.access_mask.set_default_quota_limitsSet default quota limitsBoolean1.0.0 to 1.0.16
lsa.access_mask.trust_adminModify domain trust relationshipsBoolean1.0.0 to 1.0.16
lsa.access_mask.view_audit_infoView system audit requirementsBoolean1.0.0 to 1.0.16
lsa.access_mask.view_local_infoView non-sensitive policy informationBoolean1.0.0 to 1.0.16
lsa.acctAccountCharacter string1.0.0 to 1.0.16
lsa.attrAttrUnsigned integer (64 bits)1.0.0 to 1.0.16
lsa.auth.blobAuth blobByte sequence1.0.0 to 1.0.16
lsa.auth.lenAuth LenUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.auth.typeAuth TypeUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.auth.updateUpdateUnsigned integer (64 bits)1.0.0 to 1.0.16
lsa.controllerControllerCharacter string1.0.0 to 1.0.16
lsa.countCountUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.cur.mtimeCurrent MTimeDate and time1.0.0 to 1.0.16
lsa.domainDomainCharacter string1.0.0 to 1.0.16
lsa.flat_nameFlat NameCharacter string1.0.0 to 1.0.16
lsa.forestForestCharacter string1.0.0 to 1.0.16
lsa.fqdn_domainFQDNCharacter string1.0.0 to 1.0.16
lsa.hndContext HandleByte sequence1.0.0 to 1.0.16
lsa.indexIndexUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.info.levelLevelUnsigned integer (16 bits)1.0.0 to 1.0.16
lsa.info_typeInfo TypeUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.keyKeyCharacter string1.0.0 to 1.0.16
lsa.max_countMax CountUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.mod.mtimeMTimeDate and time1.0.0 to 1.0.16
lsa.mod.seq_noSeq NoUnsigned integer (64 bits)1.0.0 to 1.0.16
lsa.nameNameCharacter string1.0.0 to 1.0.16
lsa.new_pwdNew PasswordByte sequence1.0.0 to 1.0.16
lsa.num_mappedNum MappedUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.obj_attrAttributesUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.obj_attr.lenLengthUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.obj_attr.nameNameCharacter string1.0.0 to 1.0.16
lsa.old.mtimeOld MTimeDate and time1.0.0 to 1.0.16
lsa.old_pwdOld PasswordByte sequence1.0.0 to 1.0.16
lsa.opnumOperationUnsigned integer (16 bits)1.0.0 to 1.0.16
lsa.paei.enabledAuditing enabledUnsigned integer (8 bits)1.0.0 to 1.0.16
lsa.paei.settingsSettingsUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.pali.log_sizeLog SizeUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.pali.next_audit_recordNext Audit RecordUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.pali.percent_fullPercent FullUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.pali.retention_periodRetention PeriodTime offset1.0.0 to 1.0.16
lsa.pali.shutdown_in_progressShutdown in progressUnsigned integer (8 bits)1.0.0 to 1.0.16
lsa.pali.time_to_shutdownTime to shutdownTime offset1.0.0 to 1.0.16
lsa.policy.infoInfo ClassUnsigned integer (16 bits)1.0.0 to 1.0.16
lsa.policy_informationPOLICY INFOLabel1.0.0 to 1.0.16
lsa.privilege.display__name.sizeSize NeededUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.privilege.display_nameDisplay NameCharacter string1.0.0 to 1.0.16
lsa.privilege.nameNameCharacter string1.0.0 to 1.0.16
lsa.qos.effective_onlyEffective onlyUnsigned integer (8 bits)1.0.0 to 1.0.16
lsa.qos.imp_levImpersonation levelUnsigned integer (16 bits)1.0.0 to 1.0.16
lsa.qos.lenLengthUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.qos.track_ctxContext TrackingUnsigned integer (8 bits)1.0.0 to 1.0.16
lsa.quota.max_wssMax WSSUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.quota.min_wssMin WSSUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.quota.non_paged_poolNon Paged PoolUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.quota.paged_poolPaged PoolUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.quota.pagefilePagefileUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.rcReturn codeUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.remove_allRemove AllUnsigned integer (8 bits)1.0.0 to 1.0.16
lsa.resume_handleResume HandleUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.ridRIDUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.rid.offsetRID OffsetUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.rightsRightsCharacter string1.0.0 to 1.0.16
lsa.sd_sizeSizeUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.secretLSA SecretByte sequence1.0.0 to 1.0.16
lsa.serverServerCharacter string1.0.0 to 1.0.16
lsa.server_roleRoleUnsigned integer (16 bits)1.0.0 to 1.0.16
lsa.sid_typeSID TypeUnsigned integer (16 bits)1.0.0 to 1.0.16
lsa.sizeSizeUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.sourceSourceCharacter string1.0.0 to 1.0.16
lsa.trust.attrTrust AttrUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.trust.attr.non_transNon TransitiveBoolean1.0.0 to 1.0.16
lsa.trust.attr.tree_parentTree ParentBoolean1.0.0 to 1.0.16
lsa.trust.attr.tree_rootTree RootBoolean1.0.0 to 1.0.16
lsa.trust.attr.uplevel_onlyUpleve onlyBoolean1.0.0 to 1.0.16
lsa.trust.directionTrust DirectionUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.trust.typeTrust TypeUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.trusted.info_levelInfo LevelUnsigned integer (16 bits)1.0.0 to 1.0.16
lsa.unknown.charUnknown charUnsigned integer (8 bits)1.0.0 to 1.0.16
lsa.unknown.hyperUnknown hyperUnsigned integer (64 bits)1.0.0 to 1.0.16
lsa.unknown.longUnknown longUnsigned integer (32 bits)1.0.0 to 1.0.16
lsa.unknown.shortUnknown shortUnsigned integer (16 bits)1.0.0 to 1.0.16
lsa.unknown_stringUnknown stringCharacter string1.0.0 to 1.0.16
nt.luid.highHighUnsigned integer (32 bits)1.0.0 to 1.0.16
nt.luid.lowLowUnsigned integer (32 bits)1.0.0 to 1.0.16