Hello,
I've installed Wireshark 0.99.5 on Windows XP pro
and I've tried to see how kerberos decryption works using the
SampleCaptures files from http://wiki.wireshark.org/Kerberos.
I've set the KRB5 protocol preferences to "Try
to decrypt kerberos blobs" and I've specified the "Kerberos tab file" with the
one supplied in the corresponding example then I've uploaded the .cap
file.
The result was that I didn't get any "decrypt"
information in any of those examples ("krb-816", "kerberos-Delegation",
"constrained-delegation") - the original .cap file remained
unchanged.
In fact even when I've set as keytab file
a non-existent file, "Wireshark" loaded the .cap file happily without any 'File
not found' errors.
Does anybody else had the same experience? Any help
will be much appreciated.
Thanks.