Wireshark Kerberos AES decryption issue
jdthebigj at yahoo.com
Fri Jun 11 18:13:17 MDT 2010
I downloaded and built the metze's wireshark branch. Everything went fine as per the instructions. I used Samba 4 net vampire tool to fetch the server keys and make a keytab. I took a capture of the vampire session from Samba4 <-> Win2k8 server and I had following observations:
1] Wireshark was able to decrypt the AP-REQ/ AP-REP encrypted parts in the Bind/Bind-ack packets respectively.
2] It was able to get the subkey for the session.
3] The encrypted data in the Request/Response packets was NOT decrypted.
My questions are as follows:
1] Is this behavior expected. If so, then can someone explain me the reason?
2] If this behavior is not expected, can someone help me in fixing the issue?
More information about the samba-technical