Frame 341: 1514 bytes on wire (12112 bits), 1514 bytes captured (12112 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Mar 19, 2019 01:44:57.016017000 UTC
    UTC Arrival Time: Mar 19, 2019 01:44:57.016017000 UTC
    Epoch Arrival Time: 1552959897.016017000
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.000050000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 1.379251000 seconds]
    Frame Number: 341
    Frame Length: 1514 bytes (12112 bits)
    Capture Length: 1514 bytes (12112 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:tcp:kerberos]
Ethernet II, Src: Intel_57:2b:42 (64:32:a8:57:2b:42), Dst: Dell_c2:09:6a (a4:1f:72:c2:09:6a)
    Destination: Dell_c2:09:6a (a4:1f:72:c2:09:6a)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Intel_57:2b:42 (64:32:a8:57:2b:42)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    [Stream index: 1]
Internet Protocol Version 4, Src: 10.0.90.215, Dst: 10.0.90.9
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 1500
    Identification: 0x00bd (189)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: TCP (6)
    Header Checksum: 0xb7cf [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 10.0.90.215
    Destination Address: 10.0.90.9
    [Stream index: 1]
Transmission Control Protocol, Src Port: 49182, Dst Port: 88, Seq: 1, Ack: 1, Len: 1460
    Source Port: 49182
    Destination Port: 88
    [Stream index: 26]
    [Stream Packet Number: 4]
    [Conversation completeness: Incomplete, ESTABLISHED (7)]
        ..0. .... = RST: Absent
        ...0 .... = FIN: Absent
        .... 0... = Data: Absent
        .... .1.. = ACK: Present
        .... ..1. = SYN-ACK: Present
        .... ...1 = SYN: Present
        [Completeness Flags: ···ASS]
    [TCP Segment Len: 1460]
    Sequence Number: 1 (relative sequence number)
    Sequence Number (raw): 3017208219
    [Next Sequence Number: 1461 (relative sequence number)]
    Acknowledgment Number: 1 (relative ack number)
    Acknowledgment number (raw): 4121428615
    0101 .... = Header Length: 20 bytes (5)
    Flags: 0x010 (ACK)
        000. .... .... = Reserved: Not set
        ...0 .... .... = Accurate ECN: Not set
        .... 0... .... = Congestion Window Reduced: Not set
        .... .0.. .... = ECN-Echo: Not set
        .... ..0. .... = Urgent: Not set
        .... ...1 .... = Acknowledgment: Set
        .... .... 0... = Push: Not set
        .... .... .0.. = Reset: Not set
        .... .... ..0. = Syn: Not set
        .... .... ...0 = Fin: Not set
        [TCP Flags: ·······A····]
    Window: 256
    [Calculated window size: 65536]
    [Window size scaling factor: 256]
    Checksum: 0x3cb1 [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    [Timestamps]
        [Time since first frame in this TCP stream: 0.000308000 seconds]
        [Time since previous frame in this TCP stream: 0.000050000 seconds]
    [SEQ/ACK analysis]
        [iRTT: 0.000258000 seconds]
        [Bytes in flight: 1460]
        [Bytes sent since last PSH flag: 1460]
    TCP payload (1460 bytes)
    [PDU Size: 1505]
Kerberos
    Record Mark: 1501 bytes
        0... .... .... .... .... .... .... .... = Reserved: Not set
        .000 0000 0000 0000 0000 0101 1101 1101 = Record Length: 1501
    tgs-req
        pvno: 5
        msg-type: krb-tgs-req (12)
        padata: 2 items
            PA-DATA pA-TGS-REQ
                padata-type: pA-TGS-REQ (1)
                    padata-value […]: 6e8205323082052ea003020105a10302010ea20703050000000000a38204716182046d30820469a003020105a1131b114c4954544c455449474552532e494e464fa2263024a003020102a11d301b1b066b72627467741b114c4954544c455449474552532e494e464fa38204233
                        ap-req
                            pvno: 5
                            msg-type: krb-ap-req (14)
                            Padding: 0
                            ap-options: 00000000
                                0... .... = reserved: False
                                .0.. .... = use-session-key: False
                                ..0. .... = mutual-required: False
                            ticket
                                tkt-vno: 5
                                realm: LITTLETIGERS.INFO
                                sname
                                    name-type: kRB5-NT-SRV-INST (2)
                                    sname-string: 2 items
                                        SNameString: krbtgt
                                        SNameString: LITTLETIGERS.INFO
                                enc-part
                                    etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
                                    kvno: 2
                                    cipher […]: 529cbb059630538dd3d2ae35361ad14647f3e8b411c50bae0902ee1f6a80d368a97224d48746f811a2bf5402d4e5aa4e1f9a90831792ce03018bf062c13b06801693cbfc2cdc4ae2896a366ece01eb46f16e86ae7a7bcff07e2ee83d22cf3592ce345bf7bb9f888400c9291c6fd23ddf5
                            authenticator
                                etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
                                cipher […]: 1891a747e4717ce198ded2d99df125d6fbd15e7d137cf0a18002a07d80ed5af401be541181c1411762749bfe00bbe56436df24313fe3468d703f1d7839fc6c4d86462c147de8b3e8e7ff5b7e82fbca86fb56a7d073e7df329eb01dc421a3587e336e8b41997cf20c381580c1b1efe5b1e
            PA-DATA pA-SUPPORTED-ETYPES
                padata-type: pA-SUPPORTED-ETYPES (165)
                    padata-value: 1f000000
                        SupportedEnctypes: 0x0000001f, des-cbc-crc, des-cbc-md5, rc4-hmac, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
                            .... .... .... .... .... .... .... ...1 = des-cbc-crc: Supported
                            .... .... .... .... .... .... .... ..1. = des-cbc-md5: Supported
                            .... .... .... .... .... .... .... .1.. = rc4-hmac: Supported
                            .... .... .... .... .... .... .... 1... = aes128-cts-hmac-sha1-96: Supported
                            .... .... .... .... .... .... ...1 .... = aes256-cts-hmac-sha1-96: Supported
                            .... .... .... .... .... .... ..0. .... = aes256-cts-hmac-sha1-96-sk: Not supported
                            .... .... .... ...0 .... .... .... .... = fast-supported: Not supported
                            .... .... .... ..0. .... .... .... .... = compound-identity-supported: Not supported
                            .... .... .... .0.. .... .... .... .... = claims-supported: Not supported
                            .... .... .... 0... .... .... .... .... = resource-sid-compression-disabled: Not supported
        req-body
            Padding: 0
            kdc-options: 60810010
                0... .... = reserved: False
                .1.. .... = forwardable: True
                ..1. .... = forwarded: True
                ...0 .... = proxiable: False
                .... 0... = proxy: False
                .... .0.. = allow-postdate: False
                .... ..0. = postdated: False
                .... ...0 = unused7: False
                1... .... = renewable: True
                .0.. .... = unused9: False
                ..0. .... = unused10: False
                ...0 .... = opt-hardware-auth: False
                .... 0... = unused12: False
                .... .0.. = unused13: False
                .... ..0. = constrained-delegation: False
                .... ...1 = canonicalize: True
                0... .... = request-anonymous: False
                .0.. .... = unused17: False
                ..0. .... = unused18: False
                ...0 .... = unused19: False
                .... 0... = unused20: False
                .... .0.. = unused21: False
                .... ..0. = unused22: False
                .... ...0 = unused23: False
                0... .... = unused24: False
                .0.. .... = unused25: False
                ..0. .... = disable-transited-check: False
                ...1 .... = renewable-ok: True
                .... 0... = enc-tkt-in-skey: False
                .... .0.. = unused29: False
                .... ..0. = renew: False
                .... ...0 = validate: False
            realm: LITTLETIGERS.INFO
            sname
                name-type: kRB5-NT-SRV-INST (2)
                sname-string: unknown number of items
                    SNameString: krbtgt
[BoundError Unreassembled Packet: KRB5]
    [Expert Info (Note/Reassemble): Unreassembled fragment (change preferences to enable reassembly)]
        [Unreassembled fragment (change preferences to enable reassembly)]
        [Severity level: Note]
        [Group: Reassemble]