WINRM authentication

Team,
I connected to a remote PC using WinRM, using Enter-PSSession -cn . I also looked at a Netmon trace and found only SNTP, TCP & HTTP traffic. Can you please explain how authentication works there using those three protocols? No Kerberos/NTLM found. I even used the ISE New Remote PowerShell Tab and the result is the same. Only found SNTP, TCP & HTTP traffic.

Assuming your traces are complete, the authentication is probably in the packets you’ve listed as TCP. TCP is a transport-layer protocol that can carry just about any type of application traffic (including HTTP.)

Sounds correct. Kerberos is over TCP as with most other communication really.

http://wiki.wireshark.org/Kerberos

And Remoting itself is HTTP. HTTP is entirely capable of carrying authentication information.
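
Added example, not written by any poster in this thread: a small Python classifier for the HTTP `Authorization` / `WWW-Authenticate` headers in a WinRM capture, showing where the Kerberos or NTLM exchange sits inside traffic a sniffer labels as plain HTTP. The host name, the sample request and both tokens are constructed for illustration, and the OID search is a heuristic rather than a full ASN.1 parse.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # DER OID 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # DER OID 1.2.840.113554.1.2.2

def classify(value):
    """Map one Authorization/WWW-Authenticate value to (scheme, mechanism)."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "kerberos", "ntlm"):
        return scheme, "not a GSS-API/NTLM scheme"
    if not blob.strip():
        return scheme, "no token (scheme offer only)"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return scheme, "token is not valid base64"
    if token.startswith(NTLM_SIG) and len(token) >= 12:
        (msg_type,) = struct.unpack_from("<I", token, 8)  # little-endian type field
        return scheme, "NTLM " + NTLM_TYPES.get(msg_type, "unknown type")
    if token[:1] == b"\x60" and SPNEGO_OID in token[:64]:  # GSS-API initial token
        inner = "Kerberos offered" if KRB5_OID in token[:64] else "no Kerberos OID"
        return scheme, "SPNEGO, " + inner
    if token[:1] == b"\x60" and KRB5_OID in token[:64]:
        return scheme, "Kerberos"
    if token[:1] == b"\xa1":  # SPNEGO NegTokenResp on later round trips
        return scheme, "SPNEGO continuation"
    return scheme, "unrecognised token"

def scan_http(text):
    """Classify every authentication header in a block of HTTP header text."""
    pairs = (line.partition(":") for line in text.splitlines())
    return [classify(v) for n, sep, v in pairs
            if sep and n.strip().lower() in ("authorization", "www-authenticate")]

# Constructed sample tokens and request (not taken from a real capture).
NTLM_T1 = base64.b64encode(NTLM_SIG + struct.pack("<II", 1, 0xE2088297)).decode()
SPNEGO_INIT = base64.b64encode(
    bytes.fromhex("601b") + SPNEGO_OID + bytes.fromhex("a011300fa00d300b") + KRB5_OID
).decode()
SAMPLE = (
    "POST /wsman HTTP/1.1\r\nHost: server.example:5985\r\n"
    f"Authorization: Negotiate {SPNEGO_INIT}\r\n\r\n"
)
print(scan_http(SAMPLE), classify("Negotiate " + NTLM_T1))
```
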