Ethereal-dev: Re: [Ethereal-dev] Disabling NTLMSSP negotiation in Windows

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: dheitmueller <dheitmueller@xxxxxxxxxxx>
Date: Tue, 09 Jul 2002 00:03:24 -0400 (EDT)
Quoting Tim Potter <tpot@xxxxxxxxx>:

> The key would probably be something like the md4 hash of a user or
> administrator password, or some hash of this with the session key sent
> in the negprot reply.  There's also the hmac-md4 encryption type
> described in the internet draft draft-brezak-win2k-krb-rc4-hmac-04.txt

The algorithm for the NTLMSSP-1 session key negotiation seems pretty well documented in Luke Leighton's DCE/RPC book in Appendix B.

> I don't think ethereal does any of these at the moment.

No, but I think it would be quite useful to be able to decrypt the payload of encrypted packets on the fly.  Right now, though, I'm just focusing on dissecting the protocol properly.

Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc