From 80469a1fde28ba4413843c43fb9a88c38e651a3c Mon Sep 17 00:00:00 2001
From: Justin Azoff <justin.azoff@gmail.com>
Date: Wed, 8 Jan 2020 11:40:28 -0500
Subject: [PATCH] fix NTLM field value access

The fields being checked for existence were not the same as the fields
being accessed.
---
 scripts/base/protocols/ntlm/main.zeek | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/base/protocols/ntlm/main.zeek b/scripts/base/protocols/ntlm/main.zeek
index fb10a9868f..81bfa633dd 100644
--- a/scripts/base/protocols/ntlm/main.zeek
+++ b/scripts/base/protocols/ntlm/main.zeek
@@ -65,9 +65,9 @@ event ntlm_challenge(c: connection, challenge: NTLM::Challenge) &priority=5
 	if ( challenge?$target_info )
 		{
 		local ti = challenge$target_info;
-		if ( ti?$nb_domain_name )
+		if ( ti?$nb_computer_name )
 			c$ntlm$server_nb_computer_name = ti$nb_computer_name;
-		if ( ti?$dns_domain_name )
+		if ( ti?$dns_computer_name )
 			c$ntlm$server_dns_computer_name = ti$dns_computer_name;
 		if ( ti?$dns_tree_name )
 			c$ntlm$server_tree_name = ti$dns_tree_name;