Wireshark · Display Filter Reference: Microsoft Local Security Architecture

Display Filter Reference: Microsoft Local Security Architecture

Protocol field name: lsa

Versions: 1.0.0 to 1.0.16

Field name	Description	Type	Versions
lsa.access_mask	Access Mask	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.access_mask.audit_log_admin	Administer audit log attributes	Boolean	1.0.0 to 1.0.16
lsa.access_mask.create_account	Create special accounts (for assignment of user rights)	Boolean	1.0.0 to 1.0.16
lsa.access_mask.create_priv	Create a privilege	Boolean	1.0.0 to 1.0.16
lsa.access_mask.create_secret	Create a secret object	Boolean	1.0.0 to 1.0.16
lsa.access_mask.get_privateinfo	Get sensitive policy information	Boolean	1.0.0 to 1.0.16
lsa.access_mask.lookup_names	Lookup Names/SIDs	Boolean	1.0.0 to 1.0.16
lsa.access_mask.server_admin	Enable/Disable LSA	Boolean	1.0.0 to 1.0.16
lsa.access_mask.set_audit_requirements	Change system audit requirements	Boolean	1.0.0 to 1.0.16
lsa.access_mask.set_default_quota_limits	Set default quota limits	Boolean	1.0.0 to 1.0.16
lsa.access_mask.trust_admin	Modify domain trust relationships	Boolean	1.0.0 to 1.0.16
lsa.access_mask.view_audit_info	View system audit requirements	Boolean	1.0.0 to 1.0.16
lsa.access_mask.view_local_info	View non-sensitive policy information	Boolean	1.0.0 to 1.0.16
lsa.acct	Account	Character string	1.0.0 to 1.0.16
lsa.attr	Attr	Unsigned integer, 8 bytes	1.0.0 to 1.0.16
lsa.auth.blob	Auth blob	Sequence of bytes	1.0.0 to 1.0.16
lsa.auth.len	Auth Len	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.auth.type	Auth Type	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.auth.update	Update	Unsigned integer, 8 bytes	1.0.0 to 1.0.16
lsa.controller	Controller	Character string	1.0.0 to 1.0.16
lsa.count	Count	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.cur.mtime	Current MTime	Date and time	1.0.0 to 1.0.16
lsa.domain	Domain	Character string	1.0.0 to 1.0.16
lsa.flat_name	Flat Name	Character string	1.0.0 to 1.0.16
lsa.forest	Forest	Character string	1.0.0 to 1.0.16
lsa.fqdn_domain	FQDN	Character string	1.0.0 to 1.0.16
lsa.hnd	Context Handle	Sequence of bytes	1.0.0 to 1.0.16
lsa.index	Index	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.info.level	Level	Unsigned integer, 2 bytes	1.0.0 to 1.0.16
lsa.info_type	Info Type	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.key	Key	Character string	1.0.0 to 1.0.16
lsa.max_count	Max Count	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.mod.mtime	MTime	Date and time	1.0.0 to 1.0.16
lsa.mod.seq_no	Seq No	Unsigned integer, 8 bytes	1.0.0 to 1.0.16
lsa.name	Name	Character string	1.0.0 to 1.0.16
lsa.new_pwd	New Password	Sequence of bytes	1.0.0 to 1.0.16
lsa.num_mapped	Num Mapped	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.obj_attr	Attributes	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.obj_attr.len	Length	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.obj_attr.name	Name	Character string	1.0.0 to 1.0.16
lsa.old.mtime	Old MTime	Date and time	1.0.0 to 1.0.16
lsa.old_pwd	Old Password	Sequence of bytes	1.0.0 to 1.0.16
lsa.opnum	Operation	Unsigned integer, 2 bytes	1.0.0 to 1.0.16
lsa.paei.enabled	Auditing enabled	Unsigned integer, 1 byte	1.0.0 to 1.0.16
lsa.paei.settings	Settings	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.pali.log_size	Log Size	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.pali.next_audit_record	Next Audit Record	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.pali.percent_full	Percent Full	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.pali.retention_period	Retention Period	Time offset	1.0.0 to 1.0.16
lsa.pali.shutdown_in_progress	Shutdown in progress	Unsigned integer, 1 byte	1.0.0 to 1.0.16
lsa.pali.time_to_shutdown	Time to shutdown	Time offset	1.0.0 to 1.0.16
lsa.policy.info	Info Class	Unsigned integer, 2 bytes	1.0.0 to 1.0.16
lsa.policy_information	POLICY INFO	Label	1.0.0 to 1.0.16
lsa.privilege.display__name.size	Size Needed	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.privilege.display_name	Display Name	Character string	1.0.0 to 1.0.16
lsa.privilege.name	Name	Character string	1.0.0 to 1.0.16
lsa.qos.effective_only	Effective only	Unsigned integer, 1 byte	1.0.0 to 1.0.16
lsa.qos.imp_lev	Impersonation level	Unsigned integer, 2 bytes	1.0.0 to 1.0.16
lsa.qos.len	Length	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.qos.track_ctx	Context Tracking	Unsigned integer, 1 byte	1.0.0 to 1.0.16
lsa.quota.max_wss	Max WSS	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.quota.min_wss	Min WSS	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.quota.non_paged_pool	Non Paged Pool	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.quota.paged_pool	Paged Pool	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.quota.pagefile	Pagefile	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.rc	Return code	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.remove_all	Remove All	Unsigned integer, 1 byte	1.0.0 to 1.0.16
lsa.resume_handle	Resume Handle	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.rid	RID	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.rid.offset	RID Offset	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.rights	Rights	Character string	1.0.0 to 1.0.16
lsa.sd_size	Size	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.secret	LSA Secret	Sequence of bytes	1.0.0 to 1.0.16
lsa.server	Server	Character string	1.0.0 to 1.0.16
lsa.server_role	Role	Unsigned integer, 2 bytes	1.0.0 to 1.0.16
lsa.sid_type	SID Type	Unsigned integer, 2 bytes	1.0.0 to 1.0.16
lsa.size	Size	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.source	Source	Character string	1.0.0 to 1.0.16
lsa.trust.attr	Trust Attr	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.trust.attr.non_trans	Non Transitive	Boolean	1.0.0 to 1.0.16
lsa.trust.attr.tree_parent	Tree Parent	Boolean	1.0.0 to 1.0.16
lsa.trust.attr.tree_root	Tree Root	Boolean	1.0.0 to 1.0.16
lsa.trust.attr.uplevel_only	Upleve only	Boolean	1.0.0 to 1.0.16
lsa.trust.direction	Trust Direction	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.trust.type	Trust Type	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.trusted.info_level	Info Level	Unsigned integer, 2 bytes	1.0.0 to 1.0.16
lsa.unknown.char	Unknown char	Unsigned integer, 1 byte	1.0.0 to 1.0.16
lsa.unknown.hyper	Unknown hyper	Unsigned integer, 8 bytes	1.0.0 to 1.0.16
lsa.unknown.long	Unknown long	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
lsa.unknown.short	Unknown short	Unsigned integer, 2 bytes	1.0.0 to 1.0.16
lsa.unknown_string	Unknown string	Character string	1.0.0 to 1.0.16
nt.luid.high	High	Unsigned integer, 4 bytes	1.0.0 to 1.0.16
nt.luid.low	Low	Unsigned integer, 4 bytes	1.0.0 to 1.0.16

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11

• Full stack analysis – from packets to pages
• Rich performance metrics & pre-defined insights for fast problem identification/resolution
• Modular, flexible solution for deeply-analyzing network & application performance

Learn More