Frame Number: 3

• geninfo General information
  • num Number
  • len Frame Length
  • caplen Captured Length
  • timestamp Captured Time
• frame Frame 3: 328 bytes on wire (2624 bits), 328 bytes captured (2624 bits)
  • frame.encap_type Encapsulation type: Ethernet (1)
  • frame.time Arrival Time: Aug 16, 2005 05:41:06.771346000 Eastern Daylight Time
  • frame.offset_shift Time shift for this packet: 0.000000000 seconds
  • frame.time_epoch Epoch Time: 1124185266.771346000 seconds
  • frame.time_delta Time delta from previous captured frame: 0.027958000 seconds
  • frame.time_delta_displayed Time delta from previous displayed frame: 0.027958000 seconds
  • frame.time_relative Time since reference or first frame: 0.027969000 seconds
  • frame.number Frame Number: 3
  • frame.len Frame Length: 328 bytes (2624 bits)
  • frame.cap_len Capture Length: 328 bytes (2624 bits)
  • frame.marked Frame is marked: False
  • frame.ignored Frame is ignored: False
  • frame.protocols Protocols in frame: eth:ip:udp:kerberos
  • frame.coloring_rule.name Coloring Rule Name: UDP
  • frame.coloring_rule.string Coloring Rule String: udp
• eth Ethernet II, Src: Microsof_a7:ab:0c (00:03:ff:a7:ab:0c), Dst: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c)
  • eth.dst Destination: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c)
    • eth.addr Address: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c)
    • eth.lg .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    • eth.ig .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  • eth.src Source: Microsof_a7:ab:0c (00:03:ff:a7:ab:0c)
    • eth.addr Address: Microsof_a7:ab:0c (00:03:ff:a7:ab:0c)
    • eth.lg .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    • eth.ig .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  • eth.type Type: IP (0x0800)
• ip Internet Protocol Version 4, Src: 10.1.12.2 (10.1.12.2), Dst: 10.5.3.1 (10.5.3.1)
  • ip.version Version: 4
  • ip.hdr_len Header length: 20 bytes
  • ip.dsfield Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    • ip.dsfield.dscp 0000 00.. = Differentiated Services Codepoint: Default (0x00)
    • ip.dsfield.ecn .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  • ip.len Total Length: 314
  • ip.id Identification: 0x0094 (148)
  • ip.flags Flags: 0x00
    • ip.flags.rb 0... .... = Reserved bit: Not set
    • ip.flags.df .0.. .... = Don't fragment: Not set
    • ip.flags.mf ..0. .... = More fragments: Not set
  • ip.frag_offset Fragment offset: 0
  • ip.ttl Time to live: 128
  • ip.proto Protocol: UDP (17)
  • ip.checksum Header checksum: 0x1617 [validation disabled]
    • ip.checksum_good Good: False
    • ip.checksum_bad Bad: False
  • ip.src Source: 10.1.12.2 (10.1.12.2)
  • ip.addr Source or Destination Address: 10.1.12.2 (10.1.12.2)
  • ip.src_host Source Host: 10.1.12.2
  • ip.host Source or Destination Host: 10.1.12.2
  • ip.dst Destination: 10.5.3.1 (10.5.3.1)
  • ip.addr Source or Destination Address: 10.5.3.1 (10.5.3.1)
  • ip.dst_host Destination Host: 10.5.3.1
  • ip.host Source or Destination Host: 10.5.3.1
  • Source GeoIP: Unknown
  • Destination GeoIP: Unknown
• udp User Datagram Protocol, Src Port: polestar (1060), Dst Port: kerberos (88)
  • udp.srcport Source port: polestar (1060)
  • udp.dstport Destination port: kerberos (88)
  • udp.port Source or Destination Port: 1060
  • udp.port Source or Destination Port: 88
  • udp.length Length: 294
  • udp.checksum_coverage Checksum coverage: 294
  • udp.checksum Checksum: 0x7511 [validation disabled]
    • udp.checksum_good Good Checksum: False
    • udp.checksum_bad Bad Checksum: False
• kerberos Kerberos AS-REQ
  • kerberos.pvno Pvno: 5
  • kerberos.msg.type MSG Type: AS-REQ (10)
  • kerberos.padata padata: PA-ENC-TIMESTAMP PA-PAC-REQUEST
    • kerberos.padata.type Type: PA-ENC-TIMESTAMP (2)
      • kerberos.padata.value Value: 3049a003020103a106020400a2f790a23a0438233b4272aa... des-cbc-md5
        • kerberos.etype Encryption type: des-cbc-md5 (3)
        • kerberos.kvno Kvno: 10680208
        • kerberos.PA_ENC_TIMESTAMP.encrypted enc PA_ENC_TIMESTAMP: 233b4272aa93727221facfdbdcc9d1d9a0c43a2798c81060...
          • kerberos [Decrypted using: keytab principal des@DENYDC.COM]
          • kerberos.patimestamp patimestamp: 2005-08-16 09:40:29 (UTC)
          • kerberos.pausec pausec: 546139
    • kerberos.padata.type Type: PA-PAC-REQUEST (128)
      • kerberos.padata.value Value: 3005a0030101ff
        • kerberos.pac_request.flag PAC Request: True
  • kerberos.kdc_req_body KDC_REQ_BODY
    • ber.bitstring.padding Padding: 0
    • kerberos.kdcoptions KDCOptions: 40810010 (Forwardable, Renewable, Canonicalize, Renewable OK)
      • kerberos.kdcoptions.forwardable .1.. .... .... .... .... .... .... .... = Forwardable: FORWARDABLE tickets are allowed/requested
      • kerberos.kdcoptions.forwarded ..0. .... .... .... .... .... .... .... = Forwarded: This is NOT a forwarded ticket
      • kerberos.kdcoptions.proxiable ...0 .... .... .... .... .... .... .... = Proxiable: Do NOT use proxiable tickets
      • kerberos.kdcoptions.proxy .... 0... .... .... .... .... .... .... = Proxy: This ticket has NOT been proxied
      • kerberos.kdcoptions.allow_postdate .... .0.. .... .... .... .... .... .... = Allow Postdate: We do NOT allow the ticket to be postdated
      • kerberos.kdcoptions.postdated .... ..0. .... .... .... .... .... .... = Postdated: This ticket is NOT postdated
      • kerberos.kdcoptions.renewable .... .... 1... .... .... .... .... .... = Renewable: This ticket is RENEWABLE
      • kerberos.kdcoptions.opt_hardware_auth .... .... ...0 .... .... .... .... .... = Opt HW Auth: False
      • kerberos.kdcoptions.constrained_delegation .... .... .... ..0. .... .... .... .... = Constrained Delegation: This is a normal request (no constrained delegation)
      • kerberos.kdcoptions.canonicalize .... .... .... ...1 .... .... .... .... = Canonicalize: This is a request for a CANONICALIZED ticket
      • kerberos.kdcoptions.disable_transited_check .... .... .... .... .... .... ..0. .... = Disable Transited Check: Transited checking is NOT disabled
      • kerberos.kdcoptions.renewable_ok .... .... .... .... .... .... ...1 .... = Renewable OK: We accept RENEWED tickets
      • kerberos.kdcoptions.enc_tkt_in_skey .... .... .... .... .... .... .... 0... = Enc-Tkt-in-Skey: Do NOT encrypt the tkt using the skey
      • kerberos.kdcoptions.renew .... .... .... .... .... .... .... ..0. = Renew: This is NOT a request to renew a ticket
      • kerberos.kdcoptions.validate .... .... .... .... .... .... .... ...0 = Validate: This is NOT a request to validate a postdated ticket
    • kerberos.cname Client Name (Principal): des
      • kerberos.name_type Name-type: Principal (1)
      • kerberos.name_string Name: des
    • kerberos.realm Realm: DENYDC
    • kerberos.sname Server Name (Service and Instance): krbtgt/DENYDC
      • kerberos.name_type Name-type: Service and Instance (2)
      • kerberos.name_string Name: krbtgt
      • kerberos.name_string Name: DENYDC
    • kerberos.till till: 2037-09-13 02:48:05 (UTC)
    • kerberos.rtime rtime: 2037-09-13 02:48:05 (UTC)
    • kerberos.nonce Nonce: 197451134
    • kerberos.etypes Encryption Types: des-cbc-md5 des-cbc-crc
      • kerberos.etype Encryption type: des-cbc-md5 (3)
      • kerberos.etype Encryption type: des-cbc-crc (1)
    • kerberos.hostaddresses HostAddresses: XP1<20>
      • kerberos.hostaddress HostAddress XP1<20>
        • kerberos.addr_type Addr-type: NETBIOS (20)
        • kerberos.addr_nb NetBIOS Name: XP1<20> (Server service)