Wireshark-users: [Wireshark-users] Decoding custom application traffic as NTLMSSP

Date Prev · Date Next · Thread Prev · Thread Next
Date: Sat, 3 Nov 2012 12:28:05 -0000
Hi all,

I captured the traffic of a custom windows application that is
communicating via WCF TCP (not HTTP).
The application uses Windows NTLMSSP authentication. This can quite easily
spotted by the packets starting with the "NTLMSSP" string. For now I
"decoded" the NTLMSSP handshake manually to extract challenge and response
because I was not able to tell wireshark that it should decode that
payload as ntlmssp, but that is not very convenient on the long run.

Is it possible to tell wireshark to decode certain traffic as ntlmssp?
My first try was to choose "Decode as..." but there is no ntlmssp option
to choose.

thanks in advance,
Mike