Frame Number: 6
- geninfo General information
- num Number
- len Frame Length
- caplen Captured Length
- timestamp Captured Time
- frame Frame 6: 1231 bytes on wire (9848 bits), 1231 bytes captured (9848 bits)
- frame.encap_type Encapsulation type: Ethernet (1)
- frame.time Arrival Time: Aug 16, 2005 05:41:06.779395000 Eastern Daylight Time
- frame.offset_shift Time shift for this packet: 0.000000000 seconds
- frame.time_epoch Epoch Time: 1124185266.779395000 seconds
- frame.time_delta Time delta from previous captured frame: 0.000007000 seconds
- frame.time_delta_displayed Time delta from previous displayed frame: 0.000007000 seconds
- frame.time_relative Time since reference or first frame: 0.036018000 seconds
- frame.number Frame Number: 6
- frame.len Frame Length: 1231 bytes (9848 bits)
- frame.cap_len Capture Length: 1231 bytes (9848 bits)
- frame.marked Frame is marked: False
- frame.ignored Frame is ignored: False
- frame.protocols Protocols in frame: eth:ip:udp:kerberos
- frame.coloring_rule.name Coloring Rule Name: UDP
- frame.coloring_rule.string Coloring Rule String: udp
- eth Ethernet II, Src: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c), Dst: Microsof_a7:ab:0c (00:03:ff:a7:ab:0c)
- eth.dst Destination: Microsof_a7:ab:0c (00:03:ff:a7:ab:0c)
- eth.addr Address: Microsof_a7:ab:0c (00:03:ff:a7:ab:0c)
- eth.lg .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
- eth.ig .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
- eth.src Source: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c)
- eth.addr Address: Microsof_a6:ab:0c (00:03:ff:a6:ab:0c)
- eth.lg .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
- eth.ig .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
- eth.type Type: IP (0x0800)
- ip Internet Protocol Version 4, Src: 10.5.3.1 (10.5.3.1), Dst: 10.1.12.2 (10.1.12.2)
- ip.version Version: 4
- ip.hdr_len Header length: 20 bytes
- ip.dsfield Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
- ip.dsfield.dscp 0000 00.. = Differentiated Services Codepoint: Default (0x00)
- ip.dsfield.ecn .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
- ip.len Total Length: 1217
- ip.id Identification: 0x48d1 (18641)
- ip.flags Flags: 0x00
- ip.flags.rb 0... .... = Reserved bit: Not set
- ip.flags.df .0.. .... = Don't fragment: Not set
- ip.flags.mf ..0. .... = More fragments: Not set
- ip.frag_offset Fragment offset: 0
- ip.ttl Time to live: 128
- ip.proto Protocol: UDP (17)
- ip.checksum Header checksum: 0xca52 [validation disabled]
- ip.checksum_good Good: False
- ip.checksum_bad Bad: False
- ip.src Source: 10.5.3.1 (10.5.3.1)
- ip.addr Source or Destination Address: 10.5.3.1 (10.5.3.1)
- ip.src_host Source Host: 10.5.3.1
- ip.host Source or Destination Host: 10.5.3.1
- ip.dst Destination: 10.1.12.2 (10.1.12.2)
- ip.addr Source or Destination Address: 10.1.12.2 (10.1.12.2)
- ip.dst_host Destination Host: 10.1.12.2
- ip.host Source or Destination Host: 10.1.12.2
- Source GeoIP: Unknown
- Destination GeoIP: Unknown
- udp User Datagram Protocol, Src Port: kerberos (88), Dst Port: kiosk (1061)
- udp.srcport Source port: kerberos (88)
- udp.dstport Destination port: kiosk (1061)
- udp.port Source or Destination Port: 88
- udp.port Source or Destination Port: 1061
- udp.length Length: 1197
- udp.checksum_coverage Checksum coverage: 1197
- udp.checksum Checksum: 0x38a5 [validation disabled]
- udp.checksum_good Good Checksum: False
- udp.checksum_bad Bad Checksum: False
- kerberos Kerberos TGS-REP
- kerberos.pvno Pvno: 5
- kerberos.msg.type MSG Type: TGS-REP (13)
- kerberos.crealm Client Realm: DENYDC.COM
- kerberos.cname Client Name (Principal): des
- kerberos.name_type Name-type: Principal (1)
- kerberos.name_string Name: des
- kerberos.ticket Ticket
- kerberos.tkt_vno Tkt-vno: 5
- kerberos.realm Realm: DENYDC.COM
- kerberos.sname Server Name (Service and Host): host/xp1.denydc.com
- kerberos.name_type Name-type: Service and Host (3)
- kerberos.name_string Name: host
- kerberos.name_string Name: xp1.denydc.com
- kerberos.ticket.enc_part enc-part rc4-hmac
- kerberos.etype Encryption type: rc4-hmac (23)
- kerberos.kvno Kvno: 2
- kerberos.ticket.data enc-part: e63bb88dd1d8f8b5aafe7b76e59e4f42e5e090b679e8a945...
- kerberos.kdcrep.enc_part enc-part des-cbc-md5
- kerberos.etype Encryption type: des-cbc-md5 (3)
- kerberos.kdcrep.data enc-part: 70e024fdb23293198556e63ca27554cf3dd36d0a548e9215...
- kerberos [Decrypted using: key learnt from frame 4]
- kerberos.EncKDCRepPart EncKDCRepPart
- kerberos.key key rc4-hmac
- kerberos.keytype Key type: rc4-hmac (23)
- kerberos.keyvalue Key value: 60ccc14e37427a87d289f855feb3a405
- kerberos.LastReqs LastReqs:
- kerberos.LastReq LastReq
- kerberos.lr_type Lr-type: No information available (0)
- kerberos.lr_time Lr-time: 2005-08-16 09:40:29 (UTC)
- kerberos.nonce Nonce: 197296424
- ber.bitstring.padding Padding: 0
- kerberos.ticketflags Ticket Flags (Forwardable, Renewable, Pre-Auth)
- kerberos.ticketflags.forwardable .1.. .... .... .... .... .... .... .... = Forwardable: FORWARDABLE tickets are allowed/requested
- kerberos.ticketflags.forwarded ..0. .... .... .... .... .... .... .... = Forwarded: This is NOT a forwarded ticket
- kerberos.ticketflags.proxiable ...0 .... .... .... .... .... .... .... = Proxiable: Do NOT use proxiable tickets
- kerberos.ticketflags.proxy .... 0... .... .... .... .... .... .... = Proxy: This ticket has NOT been proxied
- kerberos.ticketflags.allow_postdate .... .0.. .... .... .... .... .... .... = Allow Postdate: We do NOT allow the ticket to be postdated
- kerberos.ticketflags.postdated .... ..0. .... .... .... .... .... .... = Postdated: This ticket is NOT postdated
- kerberos.ticketflags.invalid .... ...0 .... .... .... .... .... .... = Invalid: This ticket is NOT invalid
- kerberos.ticketflags.renewable .... .... 1... .... .... .... .... .... = Renewable: This ticket is RENEWABLE
- kerberos.ticketflags.initial .... .... .0.. .... .... .... .... .... = Initial: This ticket was granted by TGT and not as protocol
- kerberos.ticketflags.pre_auth .... .... ..1. .... .... .... .... .... = Pre-Auth: The client was PRE-AUTHenticated
- kerberos.ticketflags.hw_auth .... .... ...0 .... .... .... .... .... = HW-Auth: The client was NOT authenticated using hardware
- kerberos.ticketflags.transited_policy_checked .... .... .... 0... .... .... .... .... = Transited Policy Checked: Kdc has NOT performed transited policy checking
- kerberos.ticketflags.ok_as_delegate .... .... .... .0.. .... .... .... .... = Ok As Delegate: This ticket is NOT ok as a delegated ticket
- kerberos.authtime Authtime: 2005-08-16 09:40:29 (UTC)
- kerberos.starttime Start time: 2005-08-16 09:40:29 (UTC)
- kerberos.endtime End time: 2005-08-16 19:40:29 (UTC)
- kerberos.renenw_till Renew-till: 2005-08-23 09:40:29 (UTC)
- kerberos.realm Realm: DENYDC.COM
- kerberos.sname Server Name (Service and Host): host/xp1.denydc.com
- kerberos.name_type Name-type: Service and Host (3)
- kerberos.name_string Name: host
- kerberos.name_string Name: xp1.denydc.com