Hi,
I'm using TShark to capture SMB packets, using the "-T fields" flag to get specific fields of the packets that interest me.
I'm able to decrypt Kerberos (krb5) using a keytab file.
I cannot find a way to get the decrypted Client Name (Principal) when using the -T fields option.
If I run TShark in verbose mode (-V), I can get the client name.
If I run it with -x mode to display all bytes, I get all the bytes encrypted followed by all the bytes decrypted.
Is there a way to get just the client name field decrypted with the -T fields option?
Regards,
Guy.