Wireshark-users: [Wireshark-users] Decrypting a PCAP of DES 64 Encrypted Telnet Traffic

Date: Tue, 24 Apr 2012 17:19:05 -0500 (CDT)

I am trying my hand at the latest HoneyNet Challenge: http://www.honeynet.org/node/829

It requires an analysis of a PCAP file. The traffic appears to be telnet, but encrypted using DES.

I am assuming based on my searching so far using this RFC Draft: http://tools.ietf.org/html/draft-tso-telnet-enc-des-cfb-03

It reads in the draft that the IV is sent in the clear. Looking into the PCAP, I do not see the actual command mentioned in the RFC, "CFB64_IV".

So I am wondering if Wireshark has a way for me to extract that IV and use it to decrypt the remaining traffic via a replay. Any feedback is appreciated.
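
The following is an added example, not part of the original post and not Wireshark code: a sketch of how the IV suboption could be located in a reassembled Telnet byte stream. The numeric option and command values are taken from RFC 2946 and RFC 2952 and are assumed to match the draft cited above; the sample bytes are constructed, and the function names are hypothetical.

```python
# Added example: find "IAC SB ENCRYPT IS DES_CFB64 CFB64_IV <iv> IAC SE".
# Values are from RFC 2946 / RFC 2952 (assumed to match the cited draft).
IAC, SB, SE = 0xFF, 0xFA, 0xF0
ENCRYPT = 38      # Telnet ENCRYPT option
IS = 0            # ENCRYPT sub-command that carries type-specific data
DES_CFB64 = 1     # encryption type
CFB64_IV = 1      # type-specific command followed by the 8-byte IV


def iter_suboptions(stream: bytes):
    """Yield the un-escaped payload of every IAC SB ... IAC SE block."""
    i, n = 0, len(stream)
    while i < n - 1:
        if stream[i] != IAC:
            i += 1                      # ordinary data byte
        elif stream[i + 1] == SB:
            i += 2
            payload = bytearray()
            while i < n - 1:
                if stream[i] == IAC and stream[i + 1] == SE:
                    i += 2
                    yield bytes(payload)
                    break
                if stream[i] == IAC and stream[i + 1] == IAC:
                    payload.append(IAC)  # 0xFF is doubled on the wire
                    i += 2
                else:
                    payload.append(stream[i])
                    i += 1
        else:
            i += 2                      # IAC IAC or another IAC command


def find_cfb64_ivs(stream: bytes):
    """Return every 8-byte IV announced in an ENCRYPT IS suboption."""
    header = (ENCRYPT, IS, DES_CFB64, CFB64_IV)
    return [p[4:] for p in iter_suboptions(stream)
            if len(p) == 12 and tuple(p[:4]) == header]


# Constructed sample: WILL ENCRYPT, SUPPORT DES_CFB64, then the IV suboption
# (IV contains 0xFF, so it appears doubled), followed by payload bytes.
SAMPLE = bytes.fromhex(
    "fffb26" "fffa260101fff0"
    "fffa26000101" "1122ffff4455667788" "fff0" "6c6f67696e")

if __name__ == "__main__":
    for iv in find_cfb64_ivs(SAMPLE):
        print("CFB64_IV:", iv.hex())
```

The input should be the raw payload of one direction of the TCP session. The command names appear on the wire only as these numeric byte values, and the IV by itself is not the DES session key.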