Wireshark Kerberos AES decryption issue

Andrew Bartlett abartlet at samba.org
Tue Jun 15 20:15:23 MDT 2010


On Mon, 2010-06-14 at 08:07 -0700, Jaideep Padhye wrote:
> 
> >I downloaded and built the metze's wireshark branch. Everything went fine as per the instructions. I used Samba 4 net vampire tool to fetch the server keys and make a keytab.  I took a capture of the vampire session from Samba4 <-> Win2k8 server and I had following observations:
> 
> >1] Wireshark was able to decrypt the AP-REQ/ AP-REP encrypted parts in the Bind/Bind-ack packets respectively. 
> >2] It was able to get the subkey for the session. 
> >3] The encrypted data in the Request/Response packets was NOT decrypted.
> >
> >My questions are as follows:
> >1] Is this behavior expected? If so, then can someone explain the reason to me?
> >2] If this behavior is not expected, can someone help me in fixing the issue?
> >
> >Thanks,
> >
> >Jaideep
> >
> 
> 
> Can someone help me with this issue?

What type of packets are you trying to decrypt?  Have you determined if
you can (for example) decrypt LDAP packets, but not DCE/RPC packets?

Andrew Bartlett
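Whichever dissector turns out to be at fault, one cheap check before digging into Wireshark itself is to list which principals and enctypes the keytab from `net vampire` actually holds, since Wireshark can only decrypt with keys it finds there (an AES ticket with only an RC4 key present will not decrypt). Below is an added example, not code from this thread, from Samba or from Wireshark: a minimal parser for the MIT keytab format (file version 0x0502, the format Samba and Wireshark both read) run over a keytab constructed inline. The principals, realm, kvnos and key bytes are placeholders made up for the example.

```python
import struct

# RFC 3961/3962 enctype numbers that matter for an AD capture.
ENCTYPE_NAMES = {
    1: "des-cbc-crc",
    3: "des-cbc-md5",
    17: "aes128-cts-hmac-sha1-96",
    18: "aes256-cts-hmac-sha1-96",
    23: "arcfour-hmac",
}
AES_ENCTYPES = {17, 18}


def _octets(b):
    # counted_octet_string: uint16 big-endian length, then the bytes
    return struct.pack(">H", len(b)) + b


def _read_octets(data, off):
    (n,) = struct.unpack_from(">H", data, off)
    off += 2
    return data[off:off + n], off + n


def build_keytab(entries):
    """Serialise (principal, enctype, kvno, key) tuples as a v2 (0x0502) keytab.
    Used here only to construct the sample input; a real keytab comes from
    net vampire / net ads keytab / ktutil."""
    out = b"\x05\x02"
    for principal, enctype, kvno, key in entries:
        name, realm = principal.rsplit("@", 1)
        comps = name.split("/")
        body = struct.pack(">H", len(comps)) + _octets(realm.encode())
        for c in comps:
            body += _octets(c.encode())
        # name_type KRB_NT_PRINCIPAL (1), timestamp 0, 8-bit vno
        body += struct.pack(">IIB", 1, 0, kvno & 0xFF)
        body += struct.pack(">H", enctype) + _octets(key)
        body += struct.pack(">I", kvno)  # optional 32-bit vno trailer
        out += struct.pack(">i", len(body)) + body
    return out


def parse_keytab(data):
    """Return a list of dicts, one per key slot, in file order."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab file version 0x0502 is handled")
    off, entries = 2, []
    while off < len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size < 0:          # negative size marks a deleted slot of that length
            off += -size
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", data, off)
        off += 2
        realm, off = _read_octets(data, off)
        comps = []
        for _ in range(ncomp):
            c, off = _read_octets(data, off)
            comps.append(c.decode())
        name_type, timestamp, vno8 = struct.unpack_from(">IIB", data, off)
        off += 9
        (enctype,) = struct.unpack_from(">H", data, off)
        off += 2
        key, off = _read_octets(data, off)
        vno = vno8
        if end - off >= 4:    # 32-bit vno present; it overrides vno8 when non-zero
            (vno32,) = struct.unpack_from(">I", data, off)
            if vno32:
                vno = vno32
        off = end
        entries.append({
            "principal": "/".join(comps) + "@" + realm.decode(),
            "enctype": enctype,
            "enctype_name": ENCTYPE_NAMES.get(enctype, "enctype %d" % enctype),
            "kvno": vno,
            "key": key,
        })
    return entries


def missing_aes(entries):
    """Principals (in file order) that have no AES key at all."""
    seen = {}
    for e in entries:
        seen.setdefault(e["principal"], set()).add(e["enctype"])
    return [p for p, ets in seen.items() if not ets & AES_ENCTYPES]


# Constructed sample: the host principal has AES keys, the ldap one only RC4.
SAMPLE_ENTRIES = [
    ("host/dc1.example.com@EXAMPLE.COM", 18, 3, bytes(range(32))),
    ("host/dc1.example.com@EXAMPLE.COM", 17, 3, bytes(range(16))),
    ("host/dc1.example.com@EXAMPLE.COM", 23, 3, b"\x11" * 16),
    ("ldap/dc1.example.com@EXAMPLE.COM", 23, 3, b"\x22" * 16),
]
SAMPLE_KEYTAB = build_keytab(SAMPLE_ENTRIES)

if __name__ == "__main__":
    for e in parse_keytab(SAMPLE_KEYTAB):
        print("%-40s kvno=%d %s" % (e["principal"], e["kvno"], e["enctype_name"]))
    print("no AES key:", missing_aes(parse_keytab(SAMPLE_KEYTAB)))
```

To run it on a real file, replace `SAMPLE_KEYTAB` with `open("/path/to/secrets.keytab", "rb").read()`; a service principal that shows up only with enctype 23 while the ticket in the capture uses enctype 18 explains an undecrypted blob without any dissector bug being involved.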


