Wireshark 4.5.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
packet-ntlmssp.h
1/* packet-ntlmssp.h
2 * Declarations for NTLM Secure Service Provider
3 * Copyright 2003, Tim Potter <[email protected]>
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <[email protected]>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12#ifndef __PACKET_NTLMSSP_H__
13#define __PACKET_NTLMSSP_H__
14
15/* Message types */
16
17#define NTLMSSP_NEGOTIATE 1
18#define NTLMSSP_CHALLENGE 2
19#define NTLMSSP_AUTH 3
20#define NTLMSSP_UNKNOWN 4
21
22#define NTLMSSP_KEY_LEN 16
23
24#define NTLMSSP_MAX_ORIG_LEN 256
25
26typedef struct _md4_pass {
27 uint8_t md4[NTLMSSP_KEY_LEN];
28 char key_origin[NTLMSSP_MAX_ORIG_LEN+1];
29} md4_pass;
30
31uint32_t
32get_md4pass_list(wmem_allocator_t *pool, md4_pass** p_pass_list);
33
34/* Dissect a ntlmv2 response */
35
36int
37dissect_ntlmv2_response(tvbuff_t *tvb, packet_info *pinfo, proto_tree *ntlmssp_tree, int offset, int len);
38
39/* the ntlmssp data passed to tap listeners */
40typedef struct _ntlmssp_header_t {
41 uint32_t type;
42 const uint8_t *domain_name;
43 const uint8_t *acct_name;
44 const uint8_t *host_name;
45 uint8_t session_key[NTLMSSP_KEY_LEN];
47
48#define NTLMSSP_BLOB_MAX_SIZE 10240
49typedef struct _ntlmssp_blob {
50 uint16_t length;
51 uint8_t* contents;
53
54void
55ntlmssp_create_session_key(packet_info *pinfo,
56 proto_tree *tree,
57 ntlmssp_header_t *ntlmssph,
58 int flags,
59 const uint8_t *server_challenge,
60 const uint8_t *encryptedsessionkey,
61 const ntlmssp_blob *ntlm_response,
62 const ntlmssp_blob *lm_response);
63
64int
65dissect_ntlmssp_NTLM_REMOTE_SUPPLEMENTAL_CREDENTIAL(tvbuff_t *tvb, int offset, proto_tree *tree);
66
67#endif
Definition packet-ntlmssp.h:26
Definition packet-ntlmssp.h:49
Definition packet-ntlmssp.h:40
Definition packet_info.h:43
Definition proto.h:903
Definition wmem_allocator.h:27
Definition tvbuff-int.h:35