Author Posts

August 6, 2014 at 8:52 am

Team,
I connected a remote PC using WINRM. Using Enter-PSSession -cn . Also seen netmon trace & found only [b]SNTP, TCP & HTTP[/b] traffic. Can you pls explain how authecation is worked there using those three Protocol? No kerberos/ntlm found. Even I used ISE [b]New remote powershell tab[/b] & result is same . Only found [b]SNTP, TCP & HTTP[/b] traffic

August 6, 2014 at 8:57 am

Assuming your traces are complete, the authentication is probably in the packets you've listed as TCP. TCP is a transport-layer protocol that can carry just about any type of application traffic (including HTTP.)

August 6, 2014 at 9:49 am

Sounds correct. Kerberos is over TCP as with most other communication really.

http://wiki.wireshark.org/Kerberos

August 6, 2014 at 10:15 am

And Remoting itself is HTTP. HTTP is entirely capable of carrying authentication information.