Kerberos Password Sniffing

res1ah2w res1ah2w at verizon.net
Sat Nov 30 21:21:39 EST 2002


I just received an e-mail from NTBUGTRAQ regarding a utility someone wrote
which will sniff out Kerberos passwords on-the-wire and crack them using a
standard dictionary crack. Here's the URL:
http://ntsecurity.nu/toolbox/kerbcrack/. I'm not sure if it works, as I have
not tried it. I'm still having trouble wrapping my head around the idea
since the password, or even a hashed version of the password, is never sent
across the wire during a Kerberos authentication request. I could be
wrong. I'll have to look it up. I'm just having trouble figuring this out
since Kerberos was created to prevent password sniffing.




