Display Filter Reference: NTLM Secure Service Provider

Protocol field name: ntlmssp

Versions: 1.0.0 to 2.6.1

Back to Display Filter Reference

Field name Description Type Versions
ntlmssp.auth.domain Domain name Character string 1.0.0 to 2.6.1
ntlmssp.auth.hostname Host name Character string 1.0.0 to 2.6.1
ntlmssp.auth.lmresponse Lan Manager Response Sequence of bytes 1.0.0 to 2.6.1
ntlmssp.auth.ntresponse NTLM Response Sequence of bytes 1.0.0 to 2.6.1
ntlmssp.auth.sesskey Session Key Sequence of bytes 1.0.0 to 2.6.1
ntlmssp.auth.username User name Character string 1.0.0 to 2.6.1
ntlmssp.authenticate.mic MIC Sequence of bytes 1.4.1 to 2.6.1
ntlmssp.blob.length Length Unsigned integer, 2 bytes 1.0.0 to 2.6.1
ntlmssp.blob.length.too_long Session blob length too long Label 1.12.0 to 2.6.1
ntlmssp.blob.maxlen Maxlen Unsigned integer, 2 bytes 1.0.0 to 2.6.1
ntlmssp.blob.offset Offset Unsigned integer, 4 bytes 1.0.0 to 2.6.1
ntlmssp.challenge.addresslist Address List Label 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.domaindns Domain DNS Name Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.domainnb Domain NetBIOS Name Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.item.content Target item Content Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.item.length Target item Length Unsigned integer, 2 bytes 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.length Length Unsigned integer, 2 bytes 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.maxlen Maxlen Unsigned integer, 2 bytes 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.offset Offset Unsigned integer, 4 bytes 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.serverdns Server DNS Name Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.servernb Server NetBIOS Name Character string 1.0.0 to 1.4.15
ntlmssp.challenge.addresslist.terminator List Terminator Label 1.0.0 to 1.4.15
ntlmssp.challenge.domain Domain Character string 1.0.0 to 1.4.0
ntlmssp.challenge.target_info Target Info Label 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.channel_bindings Channel Bindings Sequence of bytes 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.dns_computer_name DNS Computer Name Character string 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.dns_domain_name DNS Domain Name Character string 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.dns_tree_name DNS Tree Name Character string 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.end List End Label 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.flags Flags Unsigned integer, 4 bytes 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.item.length Target Info Item Length Unsigned integer, 2 bytes 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.item.type Target Info Item Type Unsigned integer, 2 bytes 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.length Length Unsigned integer, 2 bytes 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.maxlen Maxlen Unsigned integer, 2 bytes 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.nb_computer_name NetBIOS Computer Name Character string 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.nb_domain_name NetBIOS Domain Name Character string 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.offset Offset Unsigned integer, 4 bytes 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.restrictions Restrictions Sequence of bytes 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.target_name Target Name Character string 1.6.0 to 2.6.1
ntlmssp.challenge.target_info.timestamp Timestamp Date and time 1.6.0 to 2.6.1
ntlmssp.challenge.target_name Target Name Character string 1.4.1 to 2.6.1
ntlmssp.decrypted_payload NTLM Decrypted Payload Sequence of bytes 1.0.0 to 1.8.15
ntlmssp.identifier NTLMSSP identifier Character string 1.0.0 to 2.6.1
ntlmssp.messagetype NTLM Message Type Unsigned integer, 4 bytes 1.0.0 to 2.6.1
ntlmssp.messagetype.unknown Unrecognized NTLMSSP Message Label 2.0.0 to 2.6.1
ntlmssp.negotiate.callingworkstation Calling workstation name Character string 1.0.0 to 2.6.1
ntlmssp.negotiate.callingworkstation.buffer Calling workstation name buffer Unsigned integer, 4 bytes 1.0.0 to 1.8.15
ntlmssp.negotiate.callingworkstation.maxlen Calling workstation name max length Unsigned integer, 2 bytes 1.0.0 to 1.8.15
ntlmssp.negotiate.callingworkstation.strlen Calling workstation name length Unsigned integer, 2 bytes 1.0.0 to 1.8.15
ntlmssp.negotiate.domain Calling workstation domain Character string 1.0.0 to 2.6.1
ntlmssp.negotiate.domain.buffer Calling workstation domain buffer Unsigned integer, 4 bytes 1.0.0 to 1.8.15
ntlmssp.negotiate.domain.maxlen Calling workstation domain max length Unsigned integer, 2 bytes 1.0.0 to 1.8.15
ntlmssp.negotiate.domain.strlen Calling workstation domain length Unsigned integer, 2 bytes 1.0.0 to 1.8.15
ntlmssp.negotiate00000008 Request 0x00000008 Boolean 1.0.0 to 2.6.1
ntlmssp.negotiate00000100 Negotiate 0x00000100 Boolean 1.2.0 to 2.6.1
ntlmssp.negotiate00000400 Negotiate 0x00000400 Boolean 1.0.0 to 1.0.16
ntlmssp.negotiate00000800 Negotiate 0x00000800 Boolean 1.2.0 to 1.10.14
ntlmssp.negotiate00004000 Negotiate 0x00004000 Boolean 1.2.0 to 2.6.1
ntlmssp.negotiate128 Negotiate 128 Boolean 1.0.0 to 2.6.1
ntlmssp.negotiate56 Negotiate 56 Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatealwayssign Negotiate Always Sign Boolean 1.0.0 to 2.6.1
ntlmssp.negotiateanonymous Negotiate Anonymous Boolean 1.0.0 to 1.0.16, 1.12.0 to 2.6.1
ntlmssp.negotiatechallengeacceptresponse Negotiate Challenge Accept Response Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatechallengeinitresponse Negotiate Challenge Init Response Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatechallengenonntsessionkey Negotiate Challenge Non NT Session Key Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatedatagram Negotiate Datagram Boolean 1.2.0 to 2.6.1
ntlmssp.negotiatedatagramstyle Negotiate Datagram Style Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatedomainsupplied Negotiate Domain Supplied Boolean 1.0.0 to 1.0.16
ntlmssp.negotiateflags Negotiate Flags Unsigned integer, 4 bytes 1.0.0 to 2.6.1
ntlmssp.negotiateidentify Negotiate Identify Boolean 1.2.0 to 2.6.1
ntlmssp.negotiatekeyexch Negotiate Key Exchange Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatelmkey Negotiate Lan Manager Key Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatenetware Negotiate Netware Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatent00100000 Negotiate 0x00100000 Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatent00200000 Negotiate 0x00200000 Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatent00400000 Negotiate 0x00400000 Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatent01000000 Negotiate 0x01000000 Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatent02000000 Negotiate 0x02000000 Boolean 1.0.0 to 1.0.16
ntlmssp.negotiatent04000000 Negotiate 0x04000000 Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatent08000000 Negotiate 0x08000000 Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatent10000000 Negotiate 0x10000000 Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatentlm Negotiate NTLM key Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatentlm2 Negotiate Extended Security Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatentonly Negotiate NT Only Boolean 1.2.0 to 2.6.1
ntlmssp.negotiateoem Negotiate OEM Boolean 1.0.0 to 2.6.1
ntlmssp.negotiateoemdomainsupplied Negotiate OEM Domain Supplied Boolean 1.2.0 to 2.6.1
ntlmssp.negotiateoemworkstationsupplied Negotiate OEM Workstation Supplied Boolean 1.2.0 to 2.6.1
ntlmssp.negotiateseal Negotiate Seal Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatesign Negotiate Sign Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatetargetinfo Negotiate Target Info Boolean 1.0.0 to 2.6.1
ntlmssp.negotiatethisislocalcall Negotiate This is Local Call Boolean 1.0.0 to 1.0.16
ntlmssp.negotiateunicode Negotiate UNICODE Boolean 1.0.0 to 2.6.1
ntlmssp.negotiateversion Negotiate Version Boolean 1.2.0 to 2.6.1
ntlmssp.negotiateworkstationsupplied Negotiate Workstation Supplied Boolean 1.0.0 to 1.0.16
ntlmssp.ntlmchallenge NTLM Challenge Sequence of bytes 1.0.0 to 1.2.18
ntlmssp.ntlmclientchallenge LMv2 Client Challenge Sequence of bytes 1.4.0 to 2.6.1
ntlmssp.ntlmserverchallenge NTLM Server Challenge Sequence of bytes 1.4.0 to 2.6.1
ntlmssp.ntlmv2_response NTLMv2 Response Sequence of bytes 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.chal NTLMv2 Client Challenge Sequence of bytes 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.channel_bindings Channel Bindings Sequence of bytes 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.dns_computer_name DNS Computer Name Character string 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.dns_domain_name DNS Domain Name Character string 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.dns_tree_name DNS Tree Name Character string 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.end List End Label 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.flags Flags Unsigned integer, 4 bytes 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.header Header Unsigned integer, 4 bytes 1.6.0 to 1.10.14
ntlmssp.ntlmv2_response.hirversion Hi Response Version Unsigned integer, 1 byte 1.12.0 to 2.6.1
ntlmssp.ntlmv2_response.hmac HMAC Sequence of bytes 1.6.0 to 1.10.14
ntlmssp.ntlmv2_response.item.length NTLMV2 Response Item Length Unsigned integer, 2 bytes 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.item.type NTLMV2 Response Item Type Unsigned integer, 2 bytes 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.nb_computer_name NetBIOS Computer Name Character string 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.nb_domain_name NetBIOS Domain Name Character string 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.ntproofstr NTProofStr Sequence of bytes 1.12.0 to 2.6.1
ntlmssp.ntlmv2_response.pad padding Sequence of bytes 1.12.0 to 2.6.1
ntlmssp.ntlmv2_response.reserved Reserved Unsigned integer, 4 bytes 1.6.0 to 1.10.14
ntlmssp.ntlmv2_response.restrictions Restrictions Sequence of bytes 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.rversion Response Version Unsigned integer, 1 byte 1.12.0 to 2.6.1
ntlmssp.ntlmv2_response.target_name Target Name Character string 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.time Time Date and time 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.timestamp Timestamp Date and time 1.6.0 to 2.6.1
ntlmssp.ntlmv2_response.unknown Unknown Unsigned integer, 4 bytes 1.6.0 to 1.10.14
ntlmssp.ntlmv2_response.z Z Sequence of bytes 1.12.0 to 2.6.1
ntlmssp.ntlmv2response NTLMv2 Response Sequence of bytes 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.chal Client challenge Sequence of bytes 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.client_time Client Time Date and time 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.header Header Unsigned integer, 4 bytes 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.hmac HMAC Sequence of bytes 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.name Attribute Character string 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.name.len Value len Unsigned integer, 4 bytes 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.name.restrictions Encoding restrictions Sequence of bytes 1.4.0 to 1.4.15
ntlmssp.ntlmv2response.name.type Attribute type Unsigned integer, 4 bytes 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.reserved Reserved Unsigned integer, 4 bytes 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.time Time Date and time 1.0.0 to 1.4.15
ntlmssp.ntlmv2response.unknown Unknown Unsigned integer, 4 bytes 1.0.0 to 1.4.15
ntlmssp.requestnonntsession Request Non-NT Session Boolean 1.2.0 to 2.6.1
ntlmssp.requesttarget Request Target Boolean 1.0.0 to 2.6.1
ntlmssp.reserved Reserved Sequence of bytes 1.0.0 to 2.6.1
ntlmssp.string.length Length Unsigned integer, 2 bytes 1.0.0 to 2.6.1
ntlmssp.string.maxlen Maxlen Unsigned integer, 2 bytes 1.0.0 to 2.6.1
ntlmssp.string.offset Offset Unsigned integer, 4 bytes 1.0.0 to 2.6.1
ntlmssp.target_info_attr.unknown unknown NTLMSSP Target Info Attribute Label 1.12.0 to 2.6.1
ntlmssp.targetitemtype Target item type Unsigned integer, 2 bytes 1.0.0 to 1.4.15
ntlmssp.targettypedomain Target Type Domain Boolean 1.2.0 to 2.6.1
ntlmssp.targettypeserver Target Type Server Boolean 1.2.0 to 2.6.1
ntlmssp.targettypeshare Target Type Share Boolean 1.2.0 to 2.6.1
ntlmssp.v2_key_too_long NTLM v2 key is too long Label 1.12.0 to 2.6.1
ntlmssp.verf NTLMSSP Verifier Label 1.0.0 to 2.6.1
ntlmssp.verf.body Verifier Body Sequence of bytes 1.0.0 to 2.6.1
ntlmssp.verf.crc32 Verifier CRC32 Unsigned integer, 4 bytes 1.0.0 to 2.6.1
ntlmssp.verf.hmacmd5 HMAC MD5 Sequence of bytes 1.4.0 to 2.6.1
ntlmssp.verf.randompad Random Pad Unsigned integer, 4 bytes 1.4.0 to 2.6.1
ntlmssp.verf.sequence Sequence Sequence of bytes 1.0.0 to 2.6.1
ntlmssp.verf.unknown1 Unknown 1 Unsigned integer, 4 bytes 1.0.0 to 1.2.18
ntlmssp.verf.vers Version Number Unsigned integer, 4 bytes 1.0.0 to 2.6.1
ntlmssp.version Version Label 1.6.0 to 2.6.1
ntlmssp.version.build_number Build Number Unsigned integer, 2 bytes 1.4.1 to 2.6.1
ntlmssp.version.major Major Version Unsigned integer, 1 byte 1.4.1 to 2.6.1
ntlmssp.version.minor Minor Version Unsigned integer, 1 byte 1.4.1 to 2.6.1
ntlmssp.version.ntlm_current_revision NTLM Current Revision Unsigned integer, 1 byte 1.4.1 to 2.6.1
Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ Packet Analyzer PE
  • • Visually rich, powerful LAN analyzer
  • • Quickly access very large pcap files
  • • Professional, customizable reports
  • • Advanced triggers and alerts
Learn More

Buy Now

No, really, I have a LOT of traffic…

ANSWER: SteelCentral™ NetShark appliance
  • • Troubleshoot problems faster
  • • Quickly identify the applications running on your network
  • • Monitor your virtual machine traffic
Learn More