I installed wireshark in my proxy server. I want to know which client is throwing out bad password. Is there away I can use wireshark to find out which client it is ? asked 14 Mar '17, 15:42  gnynot |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
I'm using NTLM authentication. I see that ntlmssp.auth.username == user1 doesn't help with anything am I using wrong syntax?
Is your proxy a HTTP proxy?
Is your connection to the proxy dissected as HTTP? Maybe you have to use 'Decode as' HTTP first?
If the connection is dissected as HTTP, 'ntlmssp.auth.username==foobar' lists the packets with a NTLM auth for user foobar (at least with my setup).