Frame Number: 10

• geninfo General information
  • num Number
  • len Frame Length
  • caplen Captured Length
  • timestamp Captured Time
• frame Frame 10: 1415 bytes on wire (11320 bits), 1415 bytes captured (11320 bits) on interface 0
  • frame.interface_id Interface id: 0
  • frame.encap_type Encapsulation type: Ethernet (1)
  • frame.time Arrival Time: Dec 20, 2004 06:20:34.769640000 Eastern Standard Time
  • frame.offset_shift Time shift for this packet: 0.000000000 seconds
  • frame.time_epoch Epoch Time: 1103541634.769640000 seconds
  • frame.time_delta Time delta from previous captured frame: 0.006038000 seconds
  • frame.time_delta_displayed Time delta from previous displayed frame: 0.006038000 seconds
  • frame.time_relative Time since reference or first frame: 0.716502000 seconds
  • frame.number Frame Number: 10
  • frame.len Frame Length: 1415 bytes (11320 bits)
  • frame.cap_len Capture Length: 1415 bytes (11320 bits)
  • frame.marked Frame is marked: False
  • frame.ignored Frame is ignored: False
  • frame.protocols Protocols in frame: eth:ip:tcp:ldap:gss-api:spnego:spnego-krb5
• eth Ethernet II, Src: Vmware_f0:6b:d1 (00:0c:29:f0:6b:d1), Dst: Vmware_09:4d:fa (00:0c:29:09:4d:fa)
  • eth.dst Destination: Vmware_09:4d:fa (00:0c:29:09:4d:fa)
    • eth.addr Address: Vmware_09:4d:fa (00:0c:29:09:4d:fa)
    • eth.lg .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    • eth.ig .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  • eth.src Source: Vmware_f0:6b:d1 (00:0c:29:f0:6b:d1)
    • eth.addr Address: Vmware_f0:6b:d1 (00:0c:29:f0:6b:d1)
    • eth.lg .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    • eth.ig .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
  • eth.type Type: IP (0x0800)
• ip Internet Protocol Version 4, Src: 172.31.1.104 (172.31.1.104), Dst: 172.31.1.101 (172.31.1.101)
  • ip.version Version: 4
  • ip.hdr_len Header length: 20 bytes
  • ip.dsfield Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
    • ip.dsfield.dscp 0000 00.. = Differentiated Services Codepoint: Default (0x00)
    • ip.dsfield.ecn .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
  • ip.len Total Length: 1401
  • ip.id Identification: 0xb60f (46607)
  • ip.flags Flags: 0x02 (Don't Fragment)
    • ip.flags.rb 0... .... = Reserved bit: Not set
    • ip.flags.df .1.. .... = Don't fragment: Set
    • ip.flags.mf ..0. .... = More fragments: Not set
  • ip.frag_offset Fragment offset: 0
  • ip.ttl Time to live: 128
  • ip.proto Protocol: TCP (6)
  • ip.checksum Header checksum: 0xe463 [validation disabled]
    • ip.checksum_good Good: False
    • ip.checksum_bad Bad: False
  • ip.src Source: 172.31.1.104 (172.31.1.104)
  • ip.addr Source or Destination Address: 172.31.1.104 (172.31.1.104)
  • ip.src_host Source Host: 172.31.1.104
  • ip.host Source or Destination Host: 172.31.1.104
  • ip.dst Destination: 172.31.1.101 (172.31.1.101)
  • ip.addr Source or Destination Address: 172.31.1.101 (172.31.1.101)
  • ip.dst_host Destination Host: 172.31.1.101
  • ip.host Source or Destination Host: 172.31.1.101
  • Source GeoIP: Unknown
  • Destination GeoIP: Unknown
• tcp Transmission Control Protocol, Src Port: mctet-gateway (3116), Dst Port: ldap (389), Seq: 352, Ack: 2201, Len: 1361
  • tcp.srcport Source port: mctet-gateway (3116)
  • tcp.dstport Destination port: ldap (389)
  • tcp.port Source or Destination Port: 3116
  • tcp.port Source or Destination Port: 389
  • tcp.stream Stream index: 0
  • tcp.len TCP Segment Len: 1361
  • tcp.seq Sequence number: 352 (relative sequence number)
  • tcp.nxtseq Next sequence number: 1713 (relative sequence number)
  • tcp.ack Acknowledgment number: 2201 (relative ack number)
  • tcp.hdr_len Header length: 20 bytes
  • tcp.flags Flags: 0x018 (PSH, ACK)
    • tcp.flags.res 000. .... .... = Reserved: Not set
    • tcp.flags.ns ...0 .... .... = Nonce: Not set
    • tcp.flags.cwr .... 0... .... = Congestion Window Reduced (CWR): Not set
    • tcp.flags.ecn .... .0.. .... = ECN-Echo: Not set
    • tcp.flags.urg .... ..0. .... = Urgent: Not set
    • tcp.flags.ack .... ...1 .... = Acknowledgment: Set
    • tcp.flags.push .... .... 1... = Push: Set
    • tcp.flags.reset .... .... .0.. = Reset: Not set
    • tcp.flags.syn .... .... ..0. = Syn: Not set
    • tcp.flags.fin .... .... ...0 = Fin: Not set
  • tcp.window_size_value Window size value: 64240
  • tcp.window_size Calculated window size: 64240
  • tcp.window_size_scalefactor Window size scaling factor: -2 (no window scaling used)
  • tcp.checksum Checksum: 0x9d13 [validation disabled]
    • tcp.checksum_good Good Checksum: False
    • tcp.checksum_bad Bad Checksum: False
  • tcp.analysis SEQ/ACK analysis
    • tcp.analysis.bytes_in_flight Bytes in flight: 1361
  • tcp.pdu.size PDU Size: 1361
• ldap Lightweight Directory Access Protocol
  • ldap.LDAPMessage LDAPMessage bindRequest(215) "<ROOT>" sasl
    • ldap.messageID messageID: 215
    • ldap.protocolOp protocolOp: bindRequest (0)
      • ldap.bindRequest bindRequest
        • ldap.version version: 3
        • ldap.name name:
        • ldap.authentication authentication: sasl (3)
          • ldap.sasl sasl
            • ldap.mechanism mechanism: GSS-SPNEGO
            • ldap.credentials credentials: 6082052206062b0601050502a082051630820512a0243022...
            • gss-api GSS-API Generic Security Service Application Program Interface
              • gss-api.OID OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
              • spnego Simple Protected Negotiation
                • spnego.negTokenInit negTokenInit
                  • spnego.mechTypes mechTypes: 3 items
                    • spnego.MechType MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
                    • spnego.MechType MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
                    • spnego.MechType MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                  • spnego.mechToken mechToken: 608204e006092a864886f71201020201006e8204cf308204...
                  • spnego.krb5.blob krb5_blob: 608204e006092a864886f71201020201006e8204cf308204...
                    • spnego.krb5_oid KRB5 OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
                    • spnego.krb5.tok_id krb5_tok_id: KRB5_AP_REQ (0x0001)
                    • kerberos Kerberos AP-REQ
                      • kerberos.pvno Pvno: 5
                      • kerberos.msg.type MSG Type: AP-REQ (14)
                      • ber.bitstring.padding Padding: 0
                      • kerberos.apoptions APOptions: 20000000 (Mutual required)
                        • kerberos.apoptions.reserved 0... .... .... .... .... .... .... .... = reserved: RESERVED bit off
                        • kerberos.apoptions.use_session_key .0.. .... .... .... .... .... .... .... = Use Session Key: Do NOT use the session key to encrypt the ticket
                        • kerberos.apoptions.mutual_required ..1. .... .... .... .... .... .... .... = Mutual required: MUTUAL authentication is REQUIRED
                      • kerberos.ticket Ticket
                        • kerberos.tkt_vno Tkt-vno: 5
                        • kerberos.realm Realm: W2K3.VMNET1.VM.BASE
                        • kerberos.sname Server Name (Service and Instance): ldap/w2k3-101.w2k3.vmnet1.vm.base/w2k3.vmnet1.vm.base
                          • kerberos.name_type Name-type: Service and Instance (2)
                          • kerberos.name_string Name: ldap
                          • kerberos.name_string Name: w2k3-101.w2k3.vmnet1.vm.base
                          • kerberos.name_string Name: w2k3.vmnet1.vm.base
                        • kerberos.ticket.enc_part enc-part rc4-hmac
                          • kerberos.etype Encryption type: rc4-hmac (23)
                          • kerberos.kvno Kvno: 8
                          • kerberos.ticket.data enc-part: a235aaeb4b8dad2cc1a67f54db030352cc34864c8cf3b643...
                      • kerberos.authenticator Authenticator rc4-hmac
                        • kerberos.etype Encryption type: rc4-hmac (23)
                        • kerberos.authenticator.data Authenticator data: a4c512aa45ad25db7acbbfcfa6083e3eba0a90edb649b329...