Attached is the patch for handling NTLMSSP dissection. DCE/RPC Bind and Bind Ack are mostly dissected, the DCE/RPC AUTH3 request recognizes that NTLMSSP is in use, but does not yet dissect it.
Based on password changing trace between an NT 4.0 workstation and a Win2k server. Not fully dissected, but a start... Devin Heitmueller Senior Software Engineer Netilla Networks Inc
packet-ntlmssp.c.gz
Description: application/gzip
ntlmssp-patch1.gz
Description: application/gzip
