Mac Address/Hostname
nbsn
udp.ort eq 67 or 68

IP
ip.addr

HTTP
http.request

HTTPS
ssl.handshake.type == 1

Kerberos
kerberos
kerberos and ip.addr eq XXX.XXX.XXX.XXX
windows account name
kerberos.CNameString and !(kerberos.CNameString contains $)
->under cname
or
ip.addr eq 172.16.1.138 and kerberos.CNameString and !(kerberos.CNameString
contains $)
->if result -> ip is a windows host

Domain Controller Traffic
udp.port eq 138
nbdgm.type == 17

TCP Syn
tcp.flags eq 0x0002

Associated dns
http.request or (tcp.flags eq 0x0002 and !(ip.dst eq 172.16.1.0/24)) or dns.qry.name