Wireshark Kerberos AES decryption issue

Jaideep Padhye jdthebigj at yahoo.com
Mon Jun 14 09:07:42 MDT 2010

>I downloaded and built the metze's wireshark branch. Everything went fine as per the instructions. I used Samba 4 net vampire tool to fetch the server keys and make a keytab.  I took a capture of the vampire session from Samba4 <-> >Win2k8 server and I had following observations:

>1] Wireshark was able to decrypt the AP-REQ/ AP-REP encrypted parts in the Bind/Bind-ack packets respectively. 
>2] It was able to get the subkey for the session. 
>3] The encrypted data in the Request/Response packets was NOT decrypted.
>My questions are as follows:
>1] Is this behavior expected. If so, then can someone explain me the reason?
>2] If this behavior is not expected, can someone help me in fixing the issue?

Can someone help me with this issue?




More information about the samba-technical mailing list