Wireshark Kerberos AES decryption issue

Jaideep Padhye jdthebigj at yahoo.com
Fri Jun 11 18:13:17 MDT 2010

I downloaded and built the metze's wireshark branch. Everything went fine as per the instructions. I used Samba 4 net vampire tool to fetch the server keys and make a keytab.  I took a capture of the vampire session from Samba4 <-> Win2k8 server and I had following observations:
1] Wireshark was able to decrypt the AP-REQ/ AP-REP encrypted parts in the Bind/Bind-ack packets respectively. 
2] It was able to get the subkey for the session. 
3] The encrypted data in the Request/Response packets was NOT decrypted.

My questions are as follows:
1] Is this behavior expected. If so, then can someone explain me the reason?
2] If this behavior is not expected, can someone help me in fixing the issue?




More information about the samba-technical mailing list