Frame Number: 4
- geninfo General information
- num Number
- len Frame Length
- caplen Captured Length
- timestamp Captured Time
- frame Frame 4: 1298 bytes on wire (10384 bits), 1298 bytes captured (10384 bits)
- frame.encap_type Encapsulation type: Ethernet (1)
- frame.time Arrival Time: Aug 16, 2005 05:41:06.771354000 Eastern Daylight Time
- frame.offset_shift Time shift for this packet: 0.000000000 seconds
- frame.time_epoch Epoch Time: 1124185266.771354000 seconds
- frame.time_delta Time delta from previous captured frame: 0.000008000 seconds
- frame.time_delta_displayed Time delta from previous displayed frame: 0.000008000 seconds
- frame.time_relative Time since reference or first frame: 0.027977000 seconds
- frame.number Frame Number: 4
- frame.len Frame Length: 1298 bytes (10384 bits)
- frame.cap_len Capture Length: 1298 bytes (10384 bits)
- frame.marked Frame is marked: False
- frame.ignored Frame is ignored: False
- frame.protocols Protocols in frame: eth:ip:udp:kerberos
- frame.coloring_rule.name Coloring Rule Name: UDP
- frame.coloring_rule.string Coloring Rule String: udp
- eth Ethernet II, Src: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c), Dst: Microsof_a7:ab:0c (00:03:ff:a7:ab:0c)
- eth.dst Destination: Microsof_a7:ab:0c (00:03:ff:a7:ab:0c)
- eth.addr Address: Microsof_a7:ab:0c (00:03:ff:a7:ab:0c)
- eth.lg .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
- eth.ig .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
- eth.src Source: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c)
- eth.addr Address: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c)
- eth.lg .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
- eth.ig .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
- eth.type Type: IP (0x0800)
- ip Internet Protocol Version 4, Src: 10.5.3.1 (10.5.3.1), Dst: 10.1.12.2 (10.1.12.2)
- ip.version Version: 4
- ip.hdr_len Header length: 20 bytes
- ip.dsfield Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
- ip.dsfield.dscp 0000 00.. = Differentiated Services Codepoint: Default (0x00)
- ip.dsfield.ecn .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
- ip.len Total Length: 1284
- ip.id Identification: 0x48d0 (18640)
- ip.flags Flags: 0x00
- ip.flags.rb 0... .... = Reserved bit: Not set
- ip.flags.df .0.. .... = Don't fragment: Not set
- ip.flags.mf ..0. .... = More fragments: Not set
- ip.frag_offset Fragment offset: 0
- ip.ttl Time to live: 128
- ip.proto Protocol: UDP (17)
- ip.checksum Header checksum: 0xca10 [validation disabled]
- ip.checksum_good Good: False
- ip.checksum_bad Bad: False
- ip.src Source: 10.5.3.1 (10.5.3.1)
- ip.addr Source or Destination Address: 10.5.3.1 (10.5.3.1)
- ip.src_host Source Host: 10.5.3.1
- ip.host Source or Destination Host: 10.5.3.1
- ip.dst Destination: 10.1.12.2 (10.1.12.2)
- ip.addr Source or Destination Address: 10.1.12.2 (10.1.12.2)
- ip.dst_host Destination Host: 10.1.12.2
- ip.host Source or Destination Host: 10.1.12.2
- Source GeoIP: Unknown
- Destination GeoIP: Unknown
- udp User Datagram Protocol, Src Port: kerberos (88), Dst Port: polestar (1060)
- udp.srcport Source port: kerberos (88)
- udp.dstport Destination port: polestar (1060)
- udp.port Source or Destination Port: 88
- udp.port Source or Destination Port: 1060
- udp.length Length: 1264
- udp.checksum_coverage Checksum coverage: 1264
- udp.checksum Checksum: 0x1b09 [validation disabled]
- udp.checksum_good Good Checksum: False
- udp.checksum_bad Bad Checksum: False
- kerberos Kerberos AS-REP
- kerberos.pvno Pvno: 5
- kerberos.msg.type MSG Type: AS-REP (11)
- kerberos.padata padata: PA-PW-SALT
- kerberos.padata.type Type: PA-PW-SALT (3)
- kerberos.padata.value Value: 44454e5944432e434f4d646573
- kerberos.smb.nt_status NT Status: Unknown (0x594e4544)
- kerberos.smb.unknown Unknown: 0x432e4344
- kerberos.smb.unknown Unknown: 0x65644d4f
- kerberos.crealm Client Realm: DENYDC.COM
- kerberos.cname Client Name (Principal): des
- kerberos.name_type Name-type: Principal (1)
- kerberos.name_string Name: des
- kerberos.ticket Ticket
- kerberos.tkt_vno Tkt-vno: 5
- kerberos.realm Realm: DENYDC.COM
- kerberos.sname Server Name (Service and Instance): krbtgt/DENYDC.COM
- kerberos.name_type Name-type: Service and Instance (2)
- kerberos.name_string Name: krbtgt
- kerberos.name_string Name: DENYDC.COM
- kerberos.ticket.enc_part enc-part rc4-hmac
- kerberos.etype Encryption type: rc4-hmac (23)
- kerberos.kvno Kvno: 2
- kerberos.ticket.data enc-part: 76873a46dedc5b7de4cd702aef30ae79cbd8aa172b9d167e...
- kerberos.kdcrep.enc_part enc-part des-cbc-md5
- kerberos.etype Encryption type: des-cbc-md5 (3)
- kerberos.kvno Kvno: 3
- kerberos.kdcrep.data enc-part: edbcc0d67f3a645254f086e6e2bfe2b7bbac72b346ad05ab...
- kerberos [Decrypted using: keytab principal des@DENYDC.COM]
- kerberos.EncKDCRepPart EncKDCRepPart
- kerberos.key key des-cbc-md5
- kerberos.keytype Key type: des-cbc-md5 (3)
- kerberos.keyvalue Key value: 67c837a73862fd5b
- kerberos.LastReqs LastReqs:
- kerberos.LastReq LastReq
- kerberos.lr_type Lr-type: No information available (0)
- kerberos.lr_time Lr-time: 2005-08-16 09:40:29 (UTC)
- kerberos.nonce Nonce: 197451134
- kerberos.key_expiration Key Expiration: 2037-09-14 02:48:05 (UTC)
- ber.bitstring.padding Padding: 0
- kerberos.ticketflags Ticket Flags (Forwardable, Renewable, Initial, Pre-Auth)
- kerberos.ticketflags.forwardable .1.. .... .... .... .... .... .... .... = Forwardable: FORWARDABLE tickets are allowed/requested
- kerberos.ticketflags.forwarded ..0. .... .... .... .... .... .... .... = Forwarded: This is NOT a forwarded ticket
- kerberos.ticketflags.proxiable ...0 .... .... .... .... .... .... .... = Proxiable: Do NOT use proxiable tickets
- kerberos.ticketflags.proxy .... 0... .... .... .... .... .... .... = Proxy: This ticket has NOT been proxied
- kerberos.ticketflags.allow_postdate .... .0.. .... .... .... .... .... .... = Allow Postdate: We do NOT allow the ticket to be postdated
- kerberos.ticketflags.postdated .... ..0. .... .... .... .... .... .... = Postdated: This ticket is NOT postdated
- kerberos.ticketflags.invalid .... ...0 .... .... .... .... .... .... = Invalid: This ticket is NOT invalid
- kerberos.ticketflags.renewable .... .... 1... .... .... .... .... .... = Renewable: This ticket is RENEWABLE
- kerberos.ticketflags.initial .... .... .1.. .... .... .... .... .... = Initial: This ticket was granted by AS and not TGT protocol
- kerberos.ticketflags.pre_auth .... .... ..1. .... .... .... .... .... = Pre-Auth: The client was PRE-AUTHenticated
- kerberos.ticketflags.hw_auth .... .... ...0 .... .... .... .... .... = HW-Auth: The client was NOT authenticated using hardware
- kerberos.ticketflags.transited_policy_checked .... .... .... 0... .... .... .... .... = Transited Policy Checked: Kdc has NOT performed transited policy checking
- kerberos.ticketflags.ok_as_delegate .... .... .... .0.. .... .... .... .... = Ok As Delegate: This ticket is NOT ok as a delegated ticket
- kerberos.authtime Authtime: 2005-08-16 09:40:29 (UTC)
- kerberos.starttime Start time: 2005-08-16 09:40:29 (UTC)
- kerberos.endtime End time: 2005-08-16 19:40:29 (UTC)
- kerberos.renenw_till Renew-till: 2005-08-23 09:40:29 (UTC)
- kerberos.realm Realm: DENYDC.COM
- kerberos.sname Server Name (Service and Instance): krbtgt/DENYDC.COM
- kerberos.name_type Name-type: Service and Instance (2)
- kerberos.name_string Name: krbtgt
- kerberos.name_string Name: DENYDC.COM
- kerberos.hostaddresses HostAddresses: XP1<20>
- kerberos.hostaddress HostAddress XP1<20>
- kerberos.addr_type Addr-type: NETBIOS (20)
- kerberos.addr_nb NetBIOS Name: XP1<20> (Server service)