I have read that windows 2003 server supports LM authentication for backward compatibility with older windows machine. In my lab setup, i have windows 2003 server, backtrack r4, and windows 98 and windows xp. Now the communication is genuine between 2003 server and windows xp but i need to redirect 2003 authentication to windows 98 so that passwords are sent in lm hashes rather than ntlm. This is hypothetical at this point. Before actually doing this setup, i just need to know am i thinking in the right direction ? can i sniff lm hashes using this way ?