Ethereal-users: Re: [Ethereal-users] Decoding Kerberos V4 packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Thu, 24 Feb 2005 19:58:16 +1100
What I mean is not decrypting encrypted traffic such as telnet etc.

What I mean is that if you recompile Ethereal under Unix and if you
have either Heimdal or MIT Kerberos libraries available, then Ethereal
will offer you a new preference setting to (IFF you provide the
appropriate keytab file) decrypt the encrypted parts of Kerberos 5
packets.

This includes decryption and dissection of the PAC structure that is
used when MS CIFS clients authenticate to a CIFS member server.

For CIFS analysis it is very useful to be able to decrypt the ticket
and display the content of the PAC.



On Wed, 23 Feb 2005 16:06:47 -0500, Pierre Goyette
<pierre@xxxxxxxxxxxxxxxx> wrote:
> The problem is not regarding encrypted telnet traffic or something, the
> problem is that Ethereal can decode a Kerberos V5 service ticket request
> and response but cannot decode a Kerberos V4 service ticket request and
> response. This is the request which goes from a client workstation to a
> kdc. My guess is that since few people use V4, the decode of that packet
> format is buggy...
> 
> Pierre
>