I am trying my hand at the latest HoneyNet Challenge: http://www.honeynet.org/node/829
It requires an analysis of a PCAP file. The traffic appears to be telnet, but encrypting using DES.
I am assuming based on my searching so far using this RFC Draft: http://tools.ietf.org/html/draft-tso-telnet-enc-des-cfb-03
It reads in the draft that the IV is sent in the clear. Looking into the PCAP I do not see the actual command mentioned in the RFC "CFB64_IV"
So I am wondering if Wireshark has a way for me to extract that IV and use it to decrypt the remaining traffic via a replay. Any feedback is appreciated.
