Wireshark-users: [Wireshark-users] Decrypt Sample Captures files.
From: "Gigel Dumitriu" <[email protected]>
Date: Wed, 25 Apr 2007 16:13:21 +1000
Hello,
 
I've installed Wireshark 0.99.5 on Windows XP pro and I've tried to see how kerberos decryption works using the SampleCaptures files from http://wiki.wireshark.org/Kerberos.
I've set the KRB5 protocol preferences to "Try to decrypt kerberos blobs" and I've specified the "Kerberos tab file" with the one supplied in the corresponding example then I've uploaded the .cap file.
 
The result was that I didn't get any "decrypt" information in any of those examples ("krb-816", "kerberos-Delegation", "constrained-delegation") - the original .cap file remained unchanged.
 
In fact even when I've set as keytab file a non-existent file, "Wireshark" loaded the .cap file happily without any 'File not found' errors.
 
Does anybody else had the same experience? Any help will be much appreciated.
Thanks.