- [root@f ~]# clear && tshark -i any -Y kerberos -O kerberos
- Running as user "root" and group "root". This could be dangerous.
- Capturing on 'any'
- Frame 181: 1683 bytes on wire (13464 bits), 1683 bytes captured (13464 bits) on interface 0
- Linux cooked capture
- Internet Protocol Version 4, Src: 192.168.47.100, Dst: 192.168.47.120
- Transmission Control Protocol, Src Port: 56734, Dst Port: 88, Seq: 1, Ack: 1, Len: 1615
- Kerberos
- Record Mark: 1611 bytes
- 0... .... .... .... .... .... .... .... = Reserved: Not set
- .000 0000 0000 0000 0000 0110 0100 1011 = Record Length: 1611
- tgs-req
- pvno: 5
- msg-type: krb-tgs-req (12)
- padata: 2 items
- PA-DATA PA-TGS-REQ
- padata-type: kRB5-PADATA-TGS-REQ (1)
- padata-value: 6e8204b7308204b3a003020105a10302010ea20703050000...
- ap-req
- pvno: 5
- msg-type: krb-ap-req (14)
- Padding: 0
- ap-options: 00000000
- 0... .... = reserved: False
- .0.. .... = use-session-key: False
- ..0. .... = mutual-required: False
- ticket
- tkt-vno: 5
- realm: ACME.COM
- sname
- name-type: kRB5-NT-SRV-INST (2)
- sname-string: 2 items
- SNameString: krbtgt
- SNameString: ACME.COM
- enc-part
- etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- kvno: 2
- cipher: 61897d635087d6e5352cfb88a161b744f6b39f3dc04fa083...
- authenticator
- etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- cipher: b16c735dcee5ac6abdaae825b38d81ab8a92c7ced4aa4cb5...
- PA-DATA Unknown:136
- padata-type: Unknown (136)
- padata-value: a081d63081d3a1173015a003020110a10e040c96d09c9eb4...
- req-body
- Padding: 0
- kdc-options: 40810000 (forwardable, renewable, canonicalize)
- 0... .... = reserved: False
- .1.. .... = forwardable: True
- ..0. .... = forwarded: False
- ...0 .... = proxiable: False
- .... 0... = proxy: False
- .... .0.. = allow-postdate: False
- .... ..0. = postdated: False
- .... ...0 = unused7: False
- 1... .... = renewable: True
- .0.. .... = unused9: False
- ..0. .... = unused10: False
- ...0 .... = opt-hardware-auth: False
- .... ..0. = request-anonymous: False
- .... ...1 = canonicalize: True
- 0... .... = constrained-delegation: False
- ..0. .... = disable-transited-check: False
- ...0 .... = renewable-ok: False
- .... 0... = enc-tkt-in-skey: False
- .... ..0. = renew: False
- .... ...0 = validate: False
- realm: ACME.COM
- sname
- name-type: kRB5-NT-PRINCIPAL (1)
- sname-string: 2 items
- SNameString: MSSQLSvc
- SNameString: myhost.acme.com:1433
- till: 2018-03-28 01:25:40 (UTC)
- nonce: 1522164638
- etype: 8 items
- ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17)
- ENCTYPE: Unknown (20)
- ENCTYPE: Unknown (19)
- ENCTYPE: eTYPE-DES3-CBC-SHA1 (16)
- ENCTYPE: eTYPE-ARCFOUR-HMAC-MD5 (23)
- ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25)
- ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26)
- Frame 183: 1408 bytes on wire (11264 bits), 1408 bytes captured (11264 bits) on interface 0
- Linux cooked capture
- Internet Protocol Version 4, Src: 192.168.47.120, Dst: 192.168.47.100
- Transmission Control Protocol, Src Port: 88, Dst Port: 56734, Seq: 1, Ack: 1616, Len: 1340
- Kerberos
- Record Mark: 1336 bytes
- 0... .... .... .... .... .... .... .... = Reserved: Not set
- .000 0000 0000 0000 0000 0101 0011 1000 = Record Length: 1336
- tgs-rep
- pvno: 5
- msg-type: krb-tgs-rep (13)
- crealm: ACME.COM
- cname
- name-type: kRB5-NT-PRINCIPAL (1)
- cname-string: 1 item
- CNameString: isaac
- ticket
- tkt-vno: 5
- realm: ACME.COM
- sname
- name-type: kRB5-NT-PRINCIPAL (1)
- sname-string: 2 items
- SNameString: MSSQLSvc
- SNameString: myhost.acme.com:1433
- enc-part
- etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
- kvno: 2
- cipher: 3bdece092cced14eb7dc07b351a6986b55d6d44105e730c5...
- enc-part
- etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- cipher: 2703de298d14ebb557607dc717421c6edea6658300df9356...
- Frame 481: 1673 bytes on wire (13384 bits), 1673 bytes captured (13384 bits) on interface 0
- Linux cooked capture
- Internet Protocol Version 4, Src: 192.168.47.100, Dst: 192.168.47.120
- Transmission Control Protocol, Src Port: 56736, Dst Port: 88, Seq: 1, Ack: 1, Len: 1605
- Kerberos
- Record Mark: 1601 bytes
- 0... .... .... .... .... .... .... .... = Reserved: Not set
- .000 0000 0000 0000 0000 0110 0100 0001 = Record Length: 1601
- tgs-req
- pvno: 5
- msg-type: krb-tgs-req (12)
- padata: 2 items
- PA-DATA PA-TGS-REQ
- padata-type: kRB5-PADATA-TGS-REQ (1)
- padata-value: 6e8204b7308204b3a003020105a10302010ea20703050000...
- ap-req
- pvno: 5
- msg-type: krb-ap-req (14)
- Padding: 0
- ap-options: 00000000
- 0... .... = reserved: False
- .0.. .... = use-session-key: False
- ..0. .... = mutual-required: False
- ticket
- tkt-vno: 5
- realm: ACME.COM
- sname
- name-type: kRB5-NT-SRV-INST (2)
- sname-string: 2 items
- SNameString: krbtgt
- SNameString: ACME.COM
- enc-part
- etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- kvno: 2
- cipher: 61897d635087d6e5352cfb88a161b744f6b39f3dc04fa083...
- authenticator
- etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- cipher: 43486a5292708ce5242267ae94599b19cc303c2150d10ae8...
- PA-DATA Unknown:136
- padata-type: Unknown (136)
- padata-value: a081d13081cea1173015a003020110a10e040cc3a08e4bb7...
- req-body
- Padding: 0
- kdc-options: 40810000 (forwardable, renewable, canonicalize)
- 0... .... = reserved: False
- .1.. .... = forwardable: True
- ..0. .... = forwarded: False
- ...0 .... = proxiable: False
- .... 0... = proxy: False
- .... .0.. = allow-postdate: False
- .... ..0. = postdated: False
- .... ...0 = unused7: False
- 1... .... = renewable: True
- .0.. .... = unused9: False
- ..0. .... = unused10: False
- ...0 .... = opt-hardware-auth: False
- .... ..0. = request-anonymous: False
- .... ...1 = canonicalize: True
- 0... .... = constrained-delegation: False
- ..0. .... = disable-transited-check: False
- ...0 .... = renewable-ok: False
- .... 0... = enc-tkt-in-skey: False
- .... ..0. = renew: False
- .... ...0 = validate: False
- realm: ACME.COM
- sname
- name-type: kRB5-NT-PRINCIPAL (1)
- sname-string: 2 items
- SNameString: MSSQLSvc
- SNameString: myhost.acme.com
- till: 2018-03-28 01:25:40 (UTC)
- nonce: 1522165036
- etype: 8 items
- ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17)
- ENCTYPE: Unknown (20)
- ENCTYPE: Unknown (19)
- ENCTYPE: eTYPE-DES3-CBC-SHA1 (16)
- ENCTYPE: eTYPE-ARCFOUR-HMAC-MD5 (23)
- ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25)
- ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26)
- Frame 483: 1398 bytes on wire (11184 bits), 1398 bytes captured (11184 bits) on interface 0
- Linux cooked capture
- Internet Protocol Version 4, Src: 192.168.47.120, Dst: 192.168.47.100
- Transmission Control Protocol, Src Port: 88, Dst Port: 56736, Seq: 1, Ack: 1606, Len: 1330
- Kerberos
- Record Mark: 1326 bytes
- 0... .... .... .... .... .... .... .... = Reserved: Not set
- .000 0000 0000 0000 0000 0101 0010 1110 = Record Length: 1326
- tgs-rep
- pvno: 5
- msg-type: krb-tgs-rep (13)
- crealm: ACME.COM
- cname
- name-type: kRB5-NT-PRINCIPAL (1)
- cname-string: 1 item
- CNameString: isaac
- ticket
- tkt-vno: 5
- realm: ACME.COM
- sname
- name-type: kRB5-NT-PRINCIPAL (1)
- sname-string: 2 items
- SNameString: MSSQLSvc
- SNameString: myhost.acme.com
- enc-part
- etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
- kvno: 2
- cipher: a8037591d290efd056cd8381f1f5d1a656bf0b9223dc60d7...
- enc-part
- etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- cipher: c546ef2a7261760a914d93bbaa9e7485d7ca32edd71d9a4d...
- Frame 565: 1683 bytes on wire (13464 bits), 1683 bytes captured (13464 bits) on interface 0
- Linux cooked capture
- Internet Protocol Version 4, Src: 192.168.47.100, Dst: 192.168.47.120
- Transmission Control Protocol, Src Port: 56738, Dst Port: 88, Seq: 1, Ack: 1, Len: 1615
- Kerberos
- Record Mark: 1611 bytes
- 0... .... .... .... .... .... .... .... = Reserved: Not set
- .000 0000 0000 0000 0000 0110 0100 1011 = Record Length: 1611
- tgs-req
- pvno: 5
- msg-type: krb-tgs-req (12)
- padata: 2 items
- PA-DATA PA-TGS-REQ
- padata-type: kRB5-PADATA-TGS-REQ (1)
- padata-value: 6e8204b7308204b3a003020105a10302010ea20703050000...
- ap-req
- pvno: 5
- msg-type: krb-ap-req (14)
- Padding: 0
- ap-options: 00000000
- 0... .... = reserved: False
- .0.. .... = use-session-key: False
- ..0. .... = mutual-required: False
- ticket
- tkt-vno: 5
- realm: ACME.COM
- sname
- name-type: kRB5-NT-SRV-INST (2)
- sname-string: 2 items
- SNameString: krbtgt
- SNameString: ACME.COM
- enc-part
- etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- kvno: 2
- cipher: 61897d635087d6e5352cfb88a161b744f6b39f3dc04fa083...
- authenticator
- etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- cipher: 6109af155405f1854a45276ae695c0044790e428fe29bba3...
- PA-DATA Unknown:136
- padata-type: Unknown (136)
- padata-value: a081d63081d3a1173015a003020110a10e040cad66ce78a5...
- req-body
- Padding: 0
- kdc-options: 40810000 (forwardable, renewable, canonicalize)
- 0... .... = reserved: False
- .1.. .... = forwardable: True
- ..0. .... = forwarded: False
- ...0 .... = proxiable: False
- .... 0... = proxy: False
- .... .0.. = allow-postdate: False
- .... ..0. = postdated: False
- .... ...0 = unused7: False
- 1... .... = renewable: True
- .0.. .... = unused9: False
- ..0. .... = unused10: False
- ...0 .... = opt-hardware-auth: False
- .... ..0. = request-anonymous: False
- .... ...1 = canonicalize: True
- 0... .... = constrained-delegation: False
- ..0. .... = disable-transited-check: False
- ...0 .... = renewable-ok: False
- .... 0... = enc-tkt-in-skey: False
- .... ..0. = renew: False
- .... ...0 = validate: False
- realm: ACME.COM
- sname
- name-type: kRB5-NT-PRINCIPAL (1)
- sname-string: 2 items
- SNameString: MSSQLSvc
- SNameString: myhost.acme.com:1444
- till: 2018-03-28 01:25:40 (UTC)
- nonce: 1522165049
- etype: 8 items
- ENCTYPE: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- ENCTYPE: eTYPE-AES128-CTS-HMAC-SHA1-96 (17)
- ENCTYPE: Unknown (20)
- ENCTYPE: Unknown (19)
- ENCTYPE: eTYPE-DES3-CBC-SHA1 (16)
- ENCTYPE: eTYPE-ARCFOUR-HMAC-MD5 (23)
- ENCTYPE: eTYPE-CAMELLIA128-CTS-CMAC (25)
- ENCTYPE: eTYPE-CAMELLIA256-CTS-CMAC (26)
- Frame 567: 1408 bytes on wire (11264 bits), 1408 bytes captured (11264 bits) on interface 0
- Linux cooked capture
- Internet Protocol Version 4, Src: 192.168.47.120, Dst: 192.168.47.100
- Transmission Control Protocol, Src Port: 88, Dst Port: 56738, Seq: 1, Ack: 1616, Len: 1340
- Kerberos
- Record Mark: 1336 bytes
- 0... .... .... .... .... .... .... .... = Reserved: Not set
- .000 0000 0000 0000 0000 0101 0011 1000 = Record Length: 1336
- tgs-rep
- pvno: 5
- msg-type: krb-tgs-rep (13)
- crealm: ACME.COM
- cname
- name-type: kRB5-NT-PRINCIPAL (1)
- cname-string: 1 item
- CNameString: isaac
- ticket
- tkt-vno: 5
- realm: ACME.COM
- sname
- name-type: kRB5-NT-PRINCIPAL (1)
- sname-string: 2 items
- SNameString: MSSQLSvc
- SNameString: myhost.acme.com:1444
- enc-part
- etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
- kvno: 2
- cipher: 87ccd9e522fb56e4a1fbc5a7477da2e1204de54169f19513...
- enc-part
- etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
- cipher: 365bf060210ac39a7f5944d1b9f917511ced2a0f0cd2ef0d...