Not counting the initial anonymous GET request:
•Kerberos uses one round trip to authenticate a client
•NTLM has a “challenge” phase that adds a second round trip
◦If you have SSL enabled (HTTPS) on the website your testing make sure to enable Fiddler to Decrypt SSL, this can be done by clicking the Tools Menu, then Fiddler Options, then click the HTTPS tab, then select the “Decrypt HTTPS Traffic” checkbox.
If you see the Authorization token begin with “YII” Kerberos is functioning, if you see “TlR” then Kerberos did not function – here are images of each scenario: