Frame 79: 383 bytes on wire (3064 bits), 383 bytes captured (3064 bits) Encapsulation type: Ethernet (1) Arrival Time: Mar 19, 2019 01:44:55.840289000 UTC UTC Arrival Time: Mar 19, 2019 01:44:55.840289000 UTC Epoch Arrival Time: 1552959895.840289000 [Time shift for this packet: 0.000000000 seconds] [Time delta from previous captured frame: 0.000017000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 0.203523000 seconds] Frame Number: 79 Frame Length: 383 bytes (3064 bits) Capture Length: 383 bytes (3064 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:kerberos] Ethernet II, Src: Intel_57:2b:42 (64:32:a8:57:2b:42), Dst: Dell_c2:09:6a (a4:1f:72:c2:09:6a) Destination: Dell_c2:09:6a (a4:1f:72:c2:09:6a) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Intel_57:2b:42 (64:32:a8:57:2b:42) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) [Stream index: 1] Internet Protocol Version 4, Src: 10.0.90.215, Dst: 10.0.90.9 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 369 Identification: 0x0031 (49) 010. .... = Flags: 0x2, Don't fragment 0... .... = Reserved bit: Not set .1.. .... = Don't fragment: Set ..0. .... = More fragments: Not set ...0 0000 0000 0000 = Fragment Offset: 0 Time to Live: 128 Protocol: TCP (6) Header Checksum: 0xbcc6 [validation disabled] [Header checksum status: Unverified] Source Address: 10.0.90.215 Destination Address: 10.0.90.9 [Stream index: 1] Transmission Control Protocol, Src Port: 49162, Dst Port: 88, Seq: 1, Ack: 1, Len: 329 Source Port: 49162 Destination Port: 88 [Stream index: 7] [Stream Packet Number: 4] [Conversation completeness: Incomplete, ESTABLISHED (7)] ..0. .... = RST: Absent ...0 .... = FIN: Absent .... 0... = Data: Absent .... .1.. = ACK: Present .... ..1. = SYN-ACK: Present .... ...1 = SYN: Present [Completeness Flags: ···ASS] [TCP Segment Len: 329] Sequence Number: 1 (relative sequence number) Sequence Number (raw): 992035837 [Next Sequence Number: 330 (relative sequence number)] Acknowledgment Number: 1 (relative ack number) Acknowledgment number (raw): 3925860821 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window: 256 [Calculated window size: 65536] [Window size scaling factor: 256] Checksum: 0xbf65 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 0.001322000 seconds] [Time since previous frame in this TCP stream: 0.000059000 seconds] [SEQ/ACK analysis] [iRTT: 0.001263000 seconds] [Bytes in flight: 329] [Bytes sent since last PSH flag: 329] TCP payload (329 bytes) [PDU Size: 329] Kerberos Record Mark: 325 bytes 0... .... .... .... .... .... .... .... = Reserved: Not set .000 0000 0000 0000 0000 0001 0100 0101 = Record Length: 325 as-req pvno: 5 msg-type: krb-as-req (10) padata: 2 items PA-DATA pA-ENC-TIMESTAMP padata-type: pA-ENC-TIMESTAMP (2) padata-value: 3041a003020112a23a043869705e8be4b39d35c6052e732bc5bbf5a0f51ec5abf44a4387e2c5c0f3a3302cbe423be6f78a755b11889c2c0a4b6444d478c99136b8b022 etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) cipher: 69705e8be4b39d35c6052e732bc5bbf5a0f51ec5abf44a4387e2c5c0f3a3302cbe423be6f78a755b11889c2c0a4b6444d478c99136b8b022 PA-DATA pA-PAC-REQUEST padata-type: pA-PAC-REQUEST (128) padata-value: 3005a0030101ff include-pac: True req-body Padding: 0 kdc-options: 40810010 0... .... = reserved: False .1.. .... = forwardable: True ..0. .... = forwarded: False ...0 .... = proxiable: False .... 0... = proxy: False .... .0.. = allow-postdate: False .... ..0. = postdated: False .... ...0 = unused7: False 1... .... = renewable: True .0.. .... = unused9: False ..0. .... = unused10: False ...0 .... = opt-hardware-auth: False .... 0... = unused12: False .... .0.. = unused13: False .... ..0. = constrained-delegation: False .... ...1 = canonicalize: True 0... .... = request-anonymous: False .0.. .... = unused17: False ..0. .... = unused18: False ...0 .... = unused19: False .... 0... = unused20: False .... .0.. = unused21: False .... ..0. = unused22: False .... ...0 = unused23: False 0... .... = unused24: False .0.. .... = unused25: False ..0. .... = disable-transited-check: False ...1 .... = renewable-ok: True .... 0... = enc-tkt-in-skey: False .... .0.. = unused29: False .... ..0. = renew: False .... ...0 = validate: False cname name-type: kRB5-NT-PRINCIPAL (1) cname-string: 1 item CNameString: bobby-tiger-pc$ realm: littletigers.info sname name-type: kRB5-NT-SRV-INST (2) sname-string: 2 items SNameString: krbtgt SNameString: littletigers.info till: Sep 13, 2037 02:48:05.000000000 UTC rtime: Sep 13, 2037 02:48:05.000000000 UTC nonce: 1458278818 etype: 6 items ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18) ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17) ENCTYPE: eTYPE-ARCFOUR-HMAC-MD5 (23) ENCTYPE: eTYPE-ARCFOUR-HMAC-MD5-56 (24) ENCTYPE: eTYPE-ARCFOUR-HMAC-OLD-EXP (-135) ENCTYPE: eTYPE-DES-CBC-MD5 (3) addresses: 1 item BOBBY-TIGER-PC<20> HostAddress BOBBY-TIGER-PC<20> addr-type: nETBIOS (20) NetBIOS Name: BOBBY-TIGER-PC<20> (Server service)