Display Filter Reference: NTLM Secure Service Provider

Protocol field name: ntlmssp

Versions: 1.0.0 to 4.0.0

Back to Display Filter Reference

Field name Description Type Versions
ntlmssp.auth.domain Domain name Character string 1.0.0 to 4.0.0
ntlmssp.auth.hostname Host name Character string 1.0.0 to 4.0.0
ntlmssp.auth.lmresponse Lan Manager Response Byte sequence 1.0.0 to 4.0.0
ntlmssp.auth.ntresponse NTLM Response Byte sequence 1.0.0 to 4.0.0
ntlmssp.auth.sesskey Session Key Byte sequence 1.0.0 to 4.0.0
ntlmssp.auth.username User name Character string 1.0.0 to 4.0.0
ntlmssp.authenticate.mic MIC Byte sequence 1.4.1 to 4.0.0
ntlmssp.authenticated Authenticated NTHASH Label 3.4.0 to 4.0.0
ntlmssp.blob.length Length Unsigned integer (2 bytes) 1.0.0 to 4.0.0
ntlmssp.blob.length.too_long Session blob length too long Label 1.12.0 to 4.0.0
ntlmssp.blob.maxlen Maxlen Unsigned integer (2 bytes) 1.0.0 to 4.0.0
ntlmssp.blob.offset Offset Unsigned integer (4 bytes) 1.0.0 to 4.0.0
ntlmssp.challenge.addresslist Address List Label 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.domaindns Domain DNS Name Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.domainnb Domain NetBIOS Name Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.item.content Target item Content Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.item.length Target item Length Unsigned integer (2 bytes) 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.length Length Unsigned integer (2 bytes) 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.maxlen Maxlen Unsigned integer (2 bytes) 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.offset Offset Unsigned integer (4 bytes) 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.serverdns Server DNS Name Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.servernb Server NetBIOS Name Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.terminator List Terminator Label 1.0.0 to 1.4.15
ntlmssp.challenge.domain Domain Character string 1.0.0 to 1.4.0
ntlmssp.challenge.target_info Target Info Label 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.channel_bindings Channel Bindings Byte sequence 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.dns_computer_name DNS Computer Name Character string 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.dns_domain_name DNS Domain Name Character string 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.dns_tree_name DNS Tree Name Character string 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.end List End Label 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.flags Flags Unsigned integer (4 bytes) 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.item.length Target Info Item Length Unsigned integer (2 bytes) 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.item.type Target Info Item Type Unsigned integer (2 bytes) 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.length Length Unsigned integer (2 bytes) 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.maxlen Maxlen Unsigned integer (2 bytes) 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.nb_computer_name NetBIOS Computer Name Character string 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.nb_domain_name NetBIOS Domain Name Character string 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.offset Offset Unsigned integer (4 bytes) 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.restrictions Restrictions Byte sequence 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.target_name Target Name Character string 1.6.0 to 4.0.0
ntlmssp.challenge.target_info.timestamp Timestamp Date and time 1.6.0 to 4.0.0
ntlmssp.challenge.target_name Target Name Character string 1.4.1 to 4.0.0
ntlmssp.decrypted_payload NTLM Decrypted Payload Byte sequence 1.0.0 to 1.8.15
ntlmssp.identifier NTLMSSP identifier Character string 1.0.0 to 4.0.0
ntlmssp.messagetype NTLM Message Type Unsigned integer (4 bytes) 1.0.0 to 4.0.0
ntlmssp.messagetype.unknown Unrecognized NTLMSSP Message Label 2.0.0 to 4.0.0
ntlmssp.negotiate.callingworkstation Calling workstation name Character string 1.0.0 to 4.0.0
ntlmssp.negotiate.callingworkstation.buffer Calling workstation name buffer Unsigned integer (4 bytes) 1.0.0 to 1.8.15
ntlmssp.negotiate.callingworkstation.maxlen Calling workstation name max length Unsigned integer (2 bytes) 1.0.0 to 1.8.15
ntlmssp.negotiate.callingworkstation.strlen Calling workstation name length Unsigned integer (2 bytes) 1.0.0 to 1.8.15
ntlmssp.negotiate.domain Calling workstation domain Character string 1.0.0 to 4.0.0
ntlmssp.negotiate.domain.buffer Calling workstation domain buffer Unsigned integer (4 bytes) 1.0.0 to 1.8.15
ntlmssp.negotiate.domain.maxlen Calling workstation domain max length Unsigned integer (2 bytes) 1.0.0 to 1.8.15
ntlmssp.negotiate.domain.strlen Calling workstation domain length Unsigned integer (2 bytes) 1.0.0 to 1.8.15
ntlmssp.negotiate00000008 Request 0x00000008 Boolean 1.0.0 to 4.0.0
ntlmssp.negotiate00000100 Negotiate 0x00000100 Boolean 1.2.0 to 4.0.0
ntlmssp.negotiate00000400 Negotiate 0x00000400 Boolean 1.0.0 to 1.0.16
ntlmssp.negotiate00000800 Negotiate 0x00000800 Boolean 1.2.0 to 1.10.14
ntlmssp.negotiate00004000 Negotiate 0x00004000 Boolean 1.2.0 to 4.0.0
ntlmssp.negotiate128 Negotiate 128 Boolean 1.0.0 to 4.0.0
ntlmssp.negotiate56 Negotiate 56 Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatealwayssign Negotiate Always Sign Boolean 1.0.0 to 4.0.0
ntlmssp.negotiateanonymous Negotiate Anonymous Boolean 1.0.0 to 1.0.16, 1.12.0 to 4.0.0
ntlmssp.negotiatechallengeacceptresponse Negotiate Challenge Accept Response Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatechallengeinitresponse Negotiate Challenge Init Response Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatechallengenonntsessionkey Negotiate Challenge Non NT Session Key Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatedatagram Negotiate Datagram Boolean 1.2.0 to 4.0.0
ntlmssp.negotiatedatagramstyle Negotiate Datagram Style Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatedomainsupplied Negotiate Domain Supplied Boolean 1.0.0 to 1.0.16
ntlmssp.negotiateflags Negotiate Flags Unsigned integer (4 bytes) 1.0.0 to 4.0.0
ntlmssp.negotiateidentify Negotiate Identify Boolean 1.2.0 to 4.0.0
ntlmssp.negotiatekeyexch Negotiate Key Exchange Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatelmkey Negotiate Lan Manager Key Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatenetware Negotiate Netware Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatent00100000 Negotiate 0x00100000 Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatent00200000 Negotiate 0x00200000 Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatent00400000 Negotiate 0x00400000 Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatent01000000 Negotiate 0x01000000 Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatent02000000 Negotiate 0x02000000 Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatent04000000 Negotiate 0x04000000 Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatent08000000 Negotiate 0x08000000 Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatent10000000 Negotiate 0x10000000 Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatentlm Negotiate NTLM key Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatentlm2 Negotiate Extended Security Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatentonly Negotiate NT Only Boolean 1.2.0 to 4.0.0
ntlmssp.negotiateoem Negotiate OEM Boolean 1.0.0 to 4.0.0
ntlmssp.negotiateoemdomainsupplied Negotiate OEM Domain Supplied Boolean 1.2.0 to 4.0.0
ntlmssp.negotiateoemworkstationsupplied Negotiate OEM Workstation Supplied Boolean 1.2.0 to 4.0.0
ntlmssp.negotiateseal Negotiate Seal Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatesign Negotiate Sign Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatetargetinfo Negotiate Target Info Boolean 1.0.0 to 4.0.0
ntlmssp.negotiatethisislocalcall Negotiate This is Local Call Boolean 1.0.0 to 1.0.16
ntlmssp.negotiateunicode Negotiate UNICODE Boolean 1.0.0 to 4.0.0
ntlmssp.negotiateversion Negotiate Version Boolean 1.2.0 to 4.0.0
ntlmssp.negotiateworkstationsupplied Negotiate Workstation Supplied Boolean 1.0.0 to 1.0.16
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL Label 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.CredentialKey CredentialKey Byte sequence 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.CredentialKeyType CredentialKeyType Unsigned integer (4 bytes) 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.CREDKEY_PRESENT credkey_present Boolean 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.EncryptedCreds EncryptedCreds Byte sequence 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.EncryptedCredsSize EncryptedCredsSize Unsigned integer (4 bytes) 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.Flags Flags Unsigned integer (4 bytes) 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.LM_PRESENT lm_present Boolean 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.NT_PRESENT nt_present Boolean 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.REMOVED removed Boolean 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.SHA_PRESENT sha_present Boolean 3.6.0 to 4.0.0
ntlmssp.NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL.Version Version Unsigned integer (4 bytes) 3.6.0 to 4.0.0
ntlmssp.ntlmchallenge NTLM Challenge Byte sequence 1.0.0 to 1.2.18
ntlmssp.ntlmclientchallenge LMv2 Client Challenge Byte sequence 1.4.0 to 4.0.0
ntlmssp.ntlmserverchallenge NTLM Server Challenge Byte sequence 1.4.0 to 4.0.0
ntlmssp.ntlmv2_response NTLMv2 Response Byte sequence 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.chal NTLMv2 Client Challenge Byte sequence 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.channel_bindings Channel Bindings Byte sequence 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.dns_computer_name DNS Computer Name Character string 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.dns_domain_name DNS Domain Name Character string 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.dns_tree_name DNS Tree Name Character string 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.end List End Label 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.flags Flags Unsigned integer (4 bytes) 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.header Header Unsigned integer (4 bytes) 1.6.0 to 1.10.14
ntlmssp.ntlmv2_response.hirversion Hi Response Version Unsigned integer (1 byte) 1.12.0 to 4.0.0
ntlmssp.ntlmv2_response.hmac HMAC Byte sequence 1.6.0 to 1.10.14
ntlmssp.ntlmv2_response.item.length NTLMV2 Response Item Length Unsigned integer (2 bytes) 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.item.type NTLMV2 Response Item Type Unsigned integer (2 bytes) 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.nb_computer_name NetBIOS Computer Name Character string 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.nb_domain_name NetBIOS Domain Name Character string 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.ntproofstr NTProofStr Byte sequence 1.12.0 to 4.0.0
ntlmssp.ntlmv2_response.pad padding Byte sequence 1.12.0 to 4.0.0
ntlmssp.ntlmv2_response.reserved Reserved Unsigned integer (4 bytes) 1.6.0 to 1.10.14
ntlmssp.ntlmv2_response.restrictions Restrictions Byte sequence 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.rversion Response Version Unsigned integer (1 byte) 1.12.0 to 4.0.0
ntlmssp.ntlmv2_response.target_name Target Name Character string 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.time Time Date and time 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.timestamp Timestamp Date and time 1.6.0 to 4.0.0
ntlmssp.ntlmv2_response.unknown Unknown Unsigned integer (4 bytes) 1.6.0 to 1.10.14
ntlmssp.ntlmv2_response.z Z Byte sequence 1.12.0 to 4.0.0
ntlmssp.ntlmv2response NTLMv2 Response Byte sequence 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.chal Client challenge Byte sequence 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.client_time Client Time Date and time 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.header Header Unsigned integer (4 bytes) 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.hmac HMAC Byte sequence 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.name Attribute Character string 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.name.len Value len Unsigned integer (4 bytes) 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.name.restrictions Encoding restrictions Byte sequence 1.4.0 to 1.4.15
ntlmssp.ntlmv2response.name.type Attribute type Unsigned integer (4 bytes) 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.reserved Reserved Unsigned integer (4 bytes) 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.time Time Date and time 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.unknown Unknown Unsigned integer (4 bytes) 1.0.0 to 1.4.15
ntlmssp.requestnonntsession Request Non-NT Session Boolean 1.2.0 to 4.0.0
ntlmssp.requesttarget Request Target Boolean 1.0.0 to 4.0.0
ntlmssp.reserved Reserved Byte sequence 1.0.0 to 4.0.0
ntlmssp.sessionbasekey SessionBaseKey Label 3.4.0 to 4.0.0
ntlmssp.sessionkey SessionKey Label 3.4.0 to 4.0.0
ntlmssp.string.length Length Unsigned integer (2 bytes) 1.0.0 to 4.0.0
ntlmssp.string.maxlen Maxlen Unsigned integer (2 bytes) 1.0.0 to 4.0.0
ntlmssp.string.offset Offset Unsigned integer (4 bytes) 1.0.0 to 4.0.0
ntlmssp.target_info_attr.invalid invalid NTLMSSP Target Info AvPairs Label 3.6.2 to 4.0.0
ntlmssp.target_info_attr.unknown unknown NTLMSSP Target Info Attribute Label 1.12.0 to 4.0.0
ntlmssp.targetitemtype Target item type Unsigned integer (2 bytes) 1.0.0 to 1.4.15
ntlmssp.targettypedomain Target Type Domain Boolean 1.2.0 to 4.0.0
ntlmssp.targettypeserver Target Type Server Boolean 1.2.0 to 4.0.0
ntlmssp.targettypeshare Target Type Share Boolean 1.2.0 to 4.0.0
ntlmssp.v2_key_too_long NTLM v2 key is too long Label 1.12.0 to 4.0.0
ntlmssp.verf NTLMSSP Verifier Label 1.0.0 to 4.0.0
ntlmssp.verf.body Verifier Body Byte sequence 1.0.0 to 4.0.0
ntlmssp.verf.crc32 Verifier CRC32 Unsigned integer (4 bytes) 1.0.0 to 4.0.0
ntlmssp.verf.hmacmd5 HMAC MD5 Byte sequence 1.4.0 to 4.0.0
ntlmssp.verf.randompad Random Pad Unsigned integer (4 bytes) 1.4.0 to 4.0.0
ntlmssp.verf.sequence Sequence Byte sequence 1.0.0 to 4.0.0
ntlmssp.verf.unknown1 Unknown 1 Unsigned integer (4 bytes) 1.0.0 to 1.2.18
ntlmssp.verf.vers Version Number Unsigned integer (4 bytes) 1.0.0 to 4.0.0
ntlmssp.version Version Label 1.6.0 to 4.0.0
ntlmssp.version.build_number Build Number Unsigned integer (2 bytes) 1.4.1 to 4.0.0
ntlmssp.version.major Major Version Unsigned integer (1 byte) 1.4.1 to 4.0.0
ntlmssp.version.minor Minor Version Unsigned integer (1 byte) 1.4.1 to 4.0.0
ntlmssp.version.ntlm_current_revision NTLM Current Revision Unsigned integer (1 byte) 1.4.1 to 4.0.0