http://www.adopenstatic.com/cs/blogs/ken/archive/2006/08/02/Two-easy-_2800_easier_3F002900_-ways-to-determine-Kerberos-from-NTLM-in-a-HTTP-capture.aspxTristan&#39;s got a post explaining how to determine whether your client&#39;s using NTLM or Kerberos when authenticating to your web application. Is there a better way than looking at the size of the request? I think so (but that&#39;s just my opinion).enCommunityServer 2.1 (Build: 60809.935)http://www.adopenstatic.com/cs/blogs/ken/archive/2006/08/02/Two-easy-_2800_easier_3F002900_-ways-to-determine-Kerberos-from-NTLM-in-a-HTTP-capture.aspx#400Tue, 12 Sep 2006 03:25:05 GMTe0e31441-78b9-4457-b9b0-6f7906e03e71:400TristanKYep, the Ethereal/Wireshark protocol dissectors are pretty good, and the event log's also nice. <br> <br>I frequently end up in Netmon 2 because it's available on the CD in Windows Server editions, and in NM2 it's quite difficult to pick the difference unless you know what to look for. <br> <br>The event logs are useful if you're auditing logon events, especially for troubleshooting failures. <br> <br>Ta for the comments!http://www.adopenstatic.com/cs/blogs/ken/archive/2006/08/02/Two-easy-_2800_easier_3F002900_-ways-to-determine-Kerberos-from-NTLM-in-a-HTTP-capture.aspx#1057Tue, 16 Jan 2007 20:48:59 GMTe0e31441-78b9-4457-b9b0-6f7906e03e71:1057Ken Schaefer<p>In Part 3 of this series we look at setting up Kerberos Authentication in the simplest possible scenario.</p>