...

Note that the web server responds that the browser is not authorized to access it (the {{HTTP/1.x 401 Unauthorized}} line tells you this), and that the only valid form of authentication that the web server will accept is IWA (which is what the {{WWW-Authenticate: NTLM}} line tells you). Since IWA is built into the browser (in this case Firefox 1.0), it prompts the user for their username and password. A hash of these credentials (not the credentials themselves) is passed to the web server (in the line {{Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=}}), which allows the web server to look up the user in the Windows password database and to construct a unique encrypted challenge that the browser can only decrypt with the user's unique password. The long line of characters sent by the web server to the browser (after the {{WWW-Authenticate: NTLM }} in the diagram below) is the encrypted challenge:

...
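When reading a capture of this exchange, it helps to decode the base64 tokens rather than treat them as opaque. The following is an added example, not part of the original page: it parses the {{Authorization: NTLM}} value quoted above and a constructed challenge message. The name `parse_ntlm_header`, the flag table and the sample Type 2 message are assumptions of this example; field offsets and flag names follow the MS-NLMP specification.

```python
import base64
import struct

# Flag bits from MS-NLMP; only the bits set in the page's message are named.
FLAGS = {
    0x00000001: "NEGOTIATE_UNICODE",
    0x00000002: "NEGOTIATE_OEM",
    0x00000004: "REQUEST_TARGET",
    0x00000200: "NEGOTIATE_NTLM",
    0x00008000: "NEGOTIATE_ALWAYS_SIGN",
    0x00080000: "NEGOTIATE_EXTENDED_SESSIONSECURITY",
}

# Header value quoted on the page.
PAGE_TYPE1 = "NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA="
# Constructed Type 2 message (not from the page): empty target name,
# server challenge 0123456789abcdef, 8 reserved bytes.
SAMPLE_TYPE2 = "NTLM " + base64.b64encode(
    b"NTLMSSP\x00" + struct.pack("<IHHII", 2, 0, 0, 40, 0x00088205)
    + bytes.fromhex("0123456789abcdef") + bytes(8)).decode()

def _secbuf(msg, off):
    """Read a security buffer (length, max length, offset); return its bytes."""
    length, _maxlen, start = struct.unpack_from("<HHI", msg, off)
    return msg[start:start + length]

def parse_ntlm_header(value):
    """Decode an Authorization / WWW-Authenticate NTLM header value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        raise ValueError("not an NTLM header carrying a message")
    token = token.strip().rstrip("=")          # tolerate missing padding
    msg = base64.b64decode(token + "=" * (-len(token) % 4))
    if len(msg) < 24 or msg[:8] != b"NTLMSSP\x00":
        raise ValueError("missing NTLMSSP signature or truncated message")
    out = {"type": struct.unpack_from("<I", msg, 8)[0]}
    if out["type"] == 1:    # negotiate: flags, then domain/workstation buffers
        flags = struct.unpack_from("<I", msg, 12)[0]
        out["domain"] = _secbuf(msg, 16)
    elif out["type"] == 2 and len(msg) >= 32:  # challenge: target, flags, nonce
        flags = struct.unpack_from("<I", msg, 20)[0]
        out["challenge"] = msg[24:32].hex()
    else:
        raise ValueError("only Type 1 and Type 2 messages are handled here")
    out["flags"] = sorted(n for bit, n in FLAGS.items() if flags & bit)
    return out

if __name__ == "__main__":
    print(parse_ntlm_header(PAGE_TYPE1))
    print(parse_ntlm_header(SAMPLE_TYPE2))
```

For the header quoted on this page the parser reports a Type 1 message with six negotiate flags and an empty domain field.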