Ethereal-users: [Ethereal-users] Account lock-out
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Craig Wicker" <CWicker@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 16 Mar 2005 15:21:18 -0500
I have a user whose account is getting locked out at random times;
either every hour or every ten minutes. I have attached two packets. Can
someone tell me what/why/where the problem is?
No. Time Delta Source Destination
Portocol Info
4603 186.898657 0.000822 10.1.10.94
1corpexch.hooker-hfc.com KRB5 AS-REQ
Frame 4603 (362 bytes on wire, 362 bytes captured)
Arrival Time: Mar 15, 2005 11:49:16.979072000
Time delta from previous packet: 0.000822000 seconds
Time since reference or first frame: 186.898657000 seconds
Frame Number: 4603
Packet Length: 362 bytes
Capture Length: 362 bytes
Ethernet II, Src: 00:11:43:14:63:53, Dst: 00:08:02:7f:d0:50
Destination: 00:08:02:7f:d0:50 (1corpexch.hooker-hfc.com)
Source: 00:11:43:14:63:53 (DellWwPc_14:63:53)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.1.10.94 (10.1.10.94), Dst Addr:
1corpexch.hooker-hfc.com (10.1.1.22)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 348
Identification: 0x2600 (9728)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xf41b (correct)
Source: 10.1.10.94 (10.1.10.94)
Destination: 1corpexch.hooker-hfc.com (10.1.1.22) User Datagram
Protocol, Src Port: 4413 (4413), Dst Port: kerberos (88)
Source port: 4413 (4413)
Destination port: kerberos (88)
Length: 328
Checksum: 0x5c2d (correct)
Kerberos AS-REQ
Pvno: 5
MSG Type: AS-REQ (10)
padata: PA-ENC-TIMESTAMP PA-PAC-REQUEST
Type: PA-ENC-TIMESTAMP (2)
Value: 3045A003020117A106020477F57D70A2... rc4-hmac
Encryption type: rc4-hmac (23)
Kvno: 2012577136
enc PA_ENC_TIMESTAMP:
BBC8D80DF430873A6DC6D86EA776A782...
Type: PA-PAC-REQUEST (128)
Value: 3005A0030101FF
PAC Request: 1
KDC_REQ_BODY
Padding: 0
KDCOptions: 40810010 (Forwardable, Renewable, Canonicalize,
Renewable OK)
.1.. .... .... .... .... .... .... .... = Forwardable:
FORWARDABLE tickets are allowed/requested
..0. .... .... .... .... .... .... .... = Forwarded: This is
NOT a forwarded ticket
...0 .... .... .... .... .... .... .... = Proxyable: Do NOT
use proxiable tickets
.... 0... .... .... .... .... .... .... = Proxy: This ticket
has NOT been proxied
.... .0.. .... .... .... .... .... .... = Allow Postdate: We
do NOT allow the ticket to be postdated
.... ..0. .... .... .... .... .... .... = Postdated: This
ticket is NOT postdated
.... .... 1... .... .... .... .... .... = Renewable: This
ticket is RENEWABLE
.... .... ...0 .... .... .... .... .... = Opt HW Auth: False
.... .... .... ...1 .... .... .... .... = Canonicalize: This
is a request for a CANONICALIZED ticket
.... .... .... .... .... .... ..0. .... = Disable Transited
Check: Transited checking is NOT disabled
.... .... .... .... .... .... ...1 .... = Renewable OK: We
accept RENEWED tickets
.... .... .... .... .... .... .... 0... = Enc-Tkt-in-Skey:
Do NOT encrypt the tkt inside the skey
.... .... .... .... .... .... .... ..0. = Renew: This is NOT
a request to renew a ticket
.... .... .... .... .... .... .... ...0 = Validate: This is
NOT a request to validate a postdated ticket
Client Name (Principal): pcannada
Name-type: Principal (1)
Name: pcannada
Realm: HOOKER-HFC.COM
Server Name (Service and Instance): krbtgt/HOOKER-HFC.COM
Name-type: Service and Instance (2)
Name: krbtgt
Name: HOOKER-HFC.COM
till: 2037-09-13 02:48:05 (Z)
rtime: 2037-09-13 02:48:05 (Z)
Nonce: 1818549332
Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5
des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
Encryption type: rc4-hmac (23)
Encryption type: rc4-hmac-old (-133)
Encryption type: rc4-md4 (-128)
Encryption type: des-cbc-md5 (3)
Encryption type: des-cbc-crc (1)
Encryption type: rc4-hmac-exp (24)
Encryption type: rc4-hmac-old-exp (-135)
HostAddresses: CORPXPW050110<20>
HostAddress CORPXPW050110<20>
Addr-type: NETBIOS (20)
NetBIOS Name: CORPXPW050110<20> (Server service)
No. Time Delta Source Destination
Portocol Info
4604 186.901897 0.003240 1corpexch.hooker-hfc.com 10.1.10.94
KRB5 KRB Error: KRB5KDC_ERR_CLIENT_REVOKED
Frame 4604 (169 bytes on wire, 169 bytes captured)
Arrival Time: Mar 15, 2005 11:49:16.982312000
Time delta from previous packet: 0.003240000 seconds
Time since reference or first frame: 186.901897000 seconds
Frame Number: 4604
Packet Length: 169 bytes
Capture Length: 169 bytes
Ethernet II, Src: 00:08:02:7f:d0:50, Dst: 00:11:43:14:63:53
Destination: 00:11:43:14:63:53 (DellWwPc_14:63:53)
Source: 00:08:02:7f:d0:50 (1corpexch.hooker-hfc.com)
Type: IP (0x0800)
Internet Protocol, Src Addr: 1corpexch.hooker-hfc.com (10.1.1.22), Dst
Addr: 10.1.10.94 (10.1.10.94)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 155
Identification: 0x0126 (294)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x19b7 (correct)
Source: 1corpexch.hooker-hfc.com (10.1.1.22)
Destination: 10.1.10.94 (10.1.10.94) User Datagram Protocol, Src
Port: kerberos (88), Dst Port: 4413 (4413)
Source port: kerberos (88)
Destination port: 4413 (4413)
Length: 135
Checksum: 0xbd75 (correct)
Kerberos KRB-ERROR
Pvno: 5
MSG Type: KRB-ERROR (30)
stime: 2005-03-15 16:49:17 (Z)
susec: 369529
error_code: KRB5KDC_ERR_CLIENT_REVOKED (18)
Realm: HOOKER-HFC.COM
Server Name (Service and Instance): krbtgt/HOOKER-HFC.COM
Name-type: Service and Instance (2)
Name: krbtgt
Name: HOOKER-HFC.COM
e-data
Craig Wicker
Systems Administrator
Hooker Furniture Corporation
Sniffer Certified Professional
CompTIA A+, N+
Microsoft MCP
Cisco CCNA
HP-UX
Kind of makes you want to run through the house with scissors, doesn't
it?!
- Follow-Ups:
- Re: [Ethereal-users] Account lock-out
- From: Alexandros Papadopoulos
- Re: [Ethereal-users] Account lock-out
- Prev by Date: [Ethereal-users] ROUND TRIP TIME GRAPH
- Next by Date: Re: [Ethereal-users] RTP Analysis: Error: "Can't save in afile:Unsupported codec!"
- Previous by thread: Re: [Ethereal-users] ROUND TRIP TIME GRAPH
- Next by thread: Re: [Ethereal-users] Account lock-out
- Index(es):
