Hi all,
I captured the traffic of a custom windows application that is
communicating via WCF TCP (not HTTP).
The application uses Windows NTLMSSP authentication. This can quite easily
spotted by the packets starting with the "NTLMSSP" string. For now I
"decoded" the NTLMSSP handshake manually to extract challenge and response
because I was not able to tell wireshark that it should decode that
payload as ntlmssp, but that is not very convenient on the long run.
Is it possible to tell wireshark to decode certain traffic as ntlmssp?
My first try was to choose "Decode as..." but there is no ntlmssp option
to choose.
thanks in advance,
Mike