WINRM authentication

I connected a remote PC using WINRM. Using Enter-PSSession -cn . Also seen netmon trace & found only SNTP, TCP & HTTP traffic. Can you pls explain how authecation is worked there using those three Protocol? No kerberos/ntlm found. Even I used ISE New remote powershell tab & result is same . Only found SNTP, TCP & HTTP traffic

Assuming your traces are complete, the authentication is probably in the packets you’ve listed as TCP. TCP is a transport-layer protocol that can carry just about any type of application traffic (including HTTP.)

Sounds correct. Kerberos is over TCP as with most other communication really.

And Remoting itself is HTTP. HTTP is entirely capable of carrying authentication information.