Untitled

a guest
Mar 27th, 2018
[root@f ~]# clear && tshark -i any -Y kerberos -O kerberos
Running as user "root" and group "root". This could be dangerous.
Capturing on 'any'
Frame 181: 1683 bytes on wire (13464 bits), 1683 bytes captured (13464 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.47.100, Dst: 192.168.47.120
Transmission Control Protocol, Src Port: 56734, Dst Port: 88, Seq: 1, Ack: 1, Len: 1615
Kerberos
Record Mark: 1611 bytes
0... .... .... .... .... .... .... .... = Reserved: Not set
.000 0000 0000 0000 0000 0110 0100 1011 = Record Length: 1611
tgs-req
pvno: 5
msg-type: krb-tgs-req (12)
padata: 2 items
PA-DATA PA-TGS-REQ
padata-type: kRB5-PADATA-TGS-REQ (1)
padata-value: 6e8204b7308204b3a003020105a10302010ea20703050000...
ap-req
pvno: 5
msg-type: krb-ap-req (14)
Padding: 0
ap-options: 00000000
0... .... = reserved: False
.0.. .... = use-session-key: False
..0. .... = mutual-required: False
ticket
tkt-vno: 5
realm: ACME.COM
sname
name-type: kRB5-NT-SRV-INST (2)
sname-string: 2 items
SNameString: krbtgt
SNameString: ACME.COM
enc-part
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
kvno: 2
cipher: 61897d635087d6e5352cfb88a161b744f6b39f3dc04fa083...
authenticator
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
cipher: b16c735dcee5ac6abdaae825b38d81ab8a92c7ced4aa4cb5...
PA-DATA Unknown:136
padata-type: Unknown (136)
padata-value: a081d63081d3a1173015a003020110a10e040c96d09c9eb4...
req-body
Padding: 0
kdc-options: 40810000 (forwardable, renewable, canonicalize)
0... .... = reserved: False
.1.. .... = forwardable: True
..0. .... = forwarded: False
...0 .... = proxiable: False
.... 0... = proxy: False
.... .0.. = allow-postdate: False
.... ..0. = postdated: False
.... ...0 = unused7: False
1... .... = renewable: True
.0.. .... = unused9: False
..0. .... = unused10: False
...0 .... = opt-hardware-auth: False
.... ..0. = request-anonymous: False
.... ...1 = canonicalize: True
0... .... = constrained-delegation: False
..0. .... = disable-transited-check: False
...0 .... = renewable-ok: False
.... 0... = enc-tkt-in-skey: False
.... ..0. = renew: False
.... ...0 = validate: False
realm: ACME.COM
sname
name-type: kRB5-NT-PRINCIPAL (1)
sname-string: 2 items
SNameString: MSSQLSvc
SNameString: myhost.acme.com:1433
till: 2018-03-28 01:25:40 (UTC)
nonce: 1522164638
etype: 8 items
ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17)
ENCTYPE: Unknown (20)
ENCTYPE: Unknown (19)
ENCTYPE: eTYPE-DES3-CBC-SHA1 (16)
ENCTYPE: eTYPE-ARCFOUR-HMAC-MD5 (23)
ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25)
ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26)

Frame 183: 1408 bytes on wire (11264 bits), 1408 bytes captured (11264 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.47.120, Dst: 192.168.47.100
Transmission Control Protocol, Src Port: 88, Dst Port: 56734, Seq: 1, Ack: 1616, Len: 1340
Kerberos
Record Mark: 1336 bytes
0... .... .... .... .... .... .... .... = Reserved: Not set
.000 0000 0000 0000 0000 0101 0011 1000 = Record Length: 1336
tgs-rep
pvno: 5
msg-type: krb-tgs-rep (13)
crealm: ACME.COM
cname
name-type: kRB5-NT-PRINCIPAL (1)
cname-string: 1 item
CNameString: isaac
ticket
tkt-vno: 5
realm: ACME.COM
sname
name-type: kRB5-NT-PRINCIPAL (1)
sname-string: 2 items
SNameString: MSSQLSvc
SNameString: myhost.acme.com:1433
enc-part
etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
kvno: 2
cipher: 3bdece092cced14eb7dc07b351a6986b55d6d44105e730c5...
enc-part
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
cipher: 2703de298d14ebb557607dc717421c6edea6658300df9356...

Frame 481: 1673 bytes on wire (13384 bits), 1673 bytes captured (13384 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.47.100, Dst: 192.168.47.120
Transmission Control Protocol, Src Port: 56736, Dst Port: 88, Seq: 1, Ack: 1, Len: 1605
Kerberos
Record Mark: 1601 bytes
0... .... .... .... .... .... .... .... = Reserved: Not set
.000 0000 0000 0000 0000 0110 0100 0001 = Record Length: 1601
tgs-req
pvno: 5
msg-type: krb-tgs-req (12)
padata: 2 items
PA-DATA PA-TGS-REQ
padata-type: kRB5-PADATA-TGS-REQ (1)
padata-value: 6e8204b7308204b3a003020105a10302010ea20703050000...
ap-req
pvno: 5
msg-type: krb-ap-req (14)
Padding: 0
ap-options: 00000000
0... .... = reserved: False
.0.. .... = use-session-key: False
..0. .... = mutual-required: False
ticket
tkt-vno: 5
realm: ACME.COM
sname
name-type: kRB5-NT-SRV-INST (2)
sname-string: 2 items
SNameString: krbtgt
SNameString: ACME.COM
enc-part
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
kvno: 2
cipher: 61897d635087d6e5352cfb88a161b744f6b39f3dc04fa083...
authenticator
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
cipher: 43486a5292708ce5242267ae94599b19cc303c2150d10ae8...
PA-DATA Unknown:136
padata-type: Unknown (136)
padata-value: a081d13081cea1173015a003020110a10e040cc3a08e4bb7...
req-body
Padding: 0
kdc-options: 40810000 (forwardable, renewable, canonicalize)
0... .... = reserved: False
.1.. .... = forwardable: True
..0. .... = forwarded: False
...0 .... = proxiable: False
.... 0... = proxy: False
.... .0.. = allow-postdate: False
.... ..0. = postdated: False
.... ...0 = unused7: False
1... .... = renewable: True
.0.. .... = unused9: False
..0. .... = unused10: False
...0 .... = opt-hardware-auth: False
.... ..0. = request-anonymous: False
.... ...1 = canonicalize: True
0... .... = constrained-delegation: False
..0. .... = disable-transited-check: False
...0 .... = renewable-ok: False
.... 0... = enc-tkt-in-skey: False
.... ..0. = renew: False
.... ...0 = validate: False
realm: ACME.COM
sname
name-type: kRB5-NT-PRINCIPAL (1)
sname-string: 2 items
SNameString: MSSQLSvc
SNameString: myhost.acme.com
till: 2018-03-28 01:25:40 (UTC)
nonce: 1522165036
etype: 8 items
ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17)
ENCTYPE: Unknown (20)
ENCTYPE: Unknown (19)
ENCTYPE: eTYPE-DES3-CBC-SHA1 (16)
ENCTYPE: eTYPE-ARCFOUR-HMAC-MD5 (23)
ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25)
ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26)

Frame 483: 1398 bytes on wire (11184 bits), 1398 bytes captured (11184 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.47.120, Dst: 192.168.47.100
Transmission Control Protocol, Src Port: 88, Dst Port: 56736, Seq: 1, Ack: 1606, Len: 1330
Kerberos
Record Mark: 1326 bytes
0... .... .... .... .... .... .... .... = Reserved: Not set
.000 0000 0000 0000 0000 0101 0010 1110 = Record Length: 1326
tgs-rep
pvno: 5
msg-type: krb-tgs-rep (13)
crealm: ACME.COM
cname
name-type: kRB5-NT-PRINCIPAL (1)
cname-string: 1 item
CNameString: isaac
ticket
tkt-vno: 5
realm: ACME.COM
sname
name-type: kRB5-NT-PRINCIPAL (1)
sname-string: 2 items
SNameString: MSSQLSvc
SNameString: myhost.acme.com
enc-part
etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
kvno: 2
cipher: a8037591d290efd056cd8381f1f5d1a656bf0b9223dc60d7...
enc-part
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
cipher: c546ef2a7261760a914d93bbaa9e7485d7ca32edd71d9a4d...

Frame 565: 1683 bytes on wire (13464 bits), 1683 bytes captured (13464 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.47.100, Dst: 192.168.47.120
Transmission Control Protocol, Src Port: 56738, Dst Port: 88, Seq: 1, Ack: 1, Len: 1615
Kerberos
Record Mark: 1611 bytes
0... .... .... .... .... .... .... .... = Reserved: Not set
.000 0000 0000 0000 0000 0110 0100 1011 = Record Length: 1611
tgs-req
pvno: 5
msg-type: krb-tgs-req (12)
padata: 2 items
PA-DATA PA-TGS-REQ
padata-type: kRB5-PADATA-TGS-REQ (1)
padata-value: 6e8204b7308204b3a003020105a10302010ea20703050000...
ap-req
pvno: 5
msg-type: krb-ap-req (14)
Padding: 0
ap-options: 00000000
0... .... = reserved: False
.0.. .... = use-session-key: False
..0. .... = mutual-required: False
ticket
tkt-vno: 5
realm: ACME.COM
sname
name-type: kRB5-NT-SRV-INST (2)
sname-string: 2 items
SNameString: krbtgt
SNameString: ACME.COM
enc-part
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
kvno: 2
cipher: 61897d635087d6e5352cfb88a161b744f6b39f3dc04fa083...
authenticator
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
cipher: 6109af155405f1854a45276ae695c0044790e428fe29bba3...
PA-DATA Unknown:136
padata-type: Unknown (136)
padata-value: a081d63081d3a1173015a003020110a10e040cad66ce78a5...
req-body
Padding: 0
kdc-options: 40810000 (forwardable, renewable, canonicalize)
0... .... = reserved: False
.1.. .... = forwardable: True
..0. .... = forwarded: False
...0 .... = proxiable: False
.... 0... = proxy: False
.... .0.. = allow-postdate: False
.... ..0. = postdated: False
.... ...0 = unused7: False
1... .... = renewable: True
.0.. .... = unused9: False
..0. .... = unused10: False
...0 .... = opt-hardware-auth: False
.... ..0. = request-anonymous: False
.... ...1 = canonicalize: True
0... .... = constrained-delegation: False
..0. .... = disable-transited-check: False
...0 .... = renewable-ok: False
.... 0... = enc-tkt-in-skey: False
.... ..0. = renew: False
.... ...0 = validate: False
realm: ACME.COM
sname
name-type: kRB5-NT-PRINCIPAL (1)
sname-string: 2 items
SNameString: MSSQLSvc
SNameString: myhost.acme.com:1444
till: 2018-03-28 01:25:40 (UTC)
nonce: 1522165049
etype: 8 items
ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17)
ENCTYPE: Unknown (20)
ENCTYPE: Unknown (19)
ENCTYPE: eTYPE-DES3-CBC-SHA1 (16)
ENCTYPE: eTYPE-ARCFOUR-HMAC-MD5 (23)
ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25)
ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26)

Frame 567: 1408 bytes on wire (11264 bits), 1408 bytes captured (11264 bits) on interface 0
Linux cooked capture
Internet Protocol Version 4, Src: 192.168.47.120, Dst: 192.168.47.100
Transmission Control Protocol, Src Port: 88, Dst Port: 56738, Seq: 1, Ack: 1616, Len: 1340
Kerberos
Record Mark: 1336 bytes
0... .... .... .... .... .... .... .... = Reserved: Not set
.000 0000 0000 0000 0000 0101 0011 1000 = Record Length: 1336
tgs-rep
pvno: 5
msg-type: krb-tgs-rep (13)
crealm: ACME.COM
cname
name-type: kRB5-NT-PRINCIPAL (1)
cname-string: 1 item
CNameString: isaac
ticket
tkt-vno: 5
realm: ACME.COM
sname
name-type: kRB5-NT-PRINCIPAL (1)
sname-string: 2 items
SNameString: MSSQLSvc
SNameString: myhost.acme.com:1444
enc-part
etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
kvno: 2
cipher: 87ccd9e522fb56e4a1fbc5a7477da2e1204de54169f19513...
enc-part
etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
cipher: 365bf060210ac39a7f5944d1b9f917511ced2a0f0cd2ef0d...