How to decrypt kerberos packet in ethereal

Douglas E. Engert deengert at anl.gov
Mon Jul 23 11:16:11 EDT 2012



On 7/19/2012 12:34 AM, isshed wrote:
> Hi All,
> When I tried generating keytab file using the ktutil I got the following error.
> ktutil:  addent -key -p host/example.com@EXAMPLE.COM -k 1 -e des3-cbc-md5
> addent: Bad encryption type while adding new entry
> ktutil: addent -key -p host/example.com@EXAMPLE.COM -k 1 -e des3-cbc-sha1
> addent: Bad encryption type while adding new entry
> ktutil:
> Could anyone please help me ?

As Danilo said, use the server's keytab.

Are you the admin of the host? If so you would have access to
the host's keytab file. If not, then you should not be able
to decrypt the packets.


Why are you still using DES?
Search for allow_weak_crypto


>
> Thanks.
> On Thu, Jul 19, 2012 at 12:44 AM, Douglas E. Engert <deengert at anl.gov> wrote:
>
>
>
>     On 7/18/2012 12:17 PM, isshed wrote:
>      > Hi Douglas,
>      >
>      > Thanks for the quick response.
>      > Is there any particular format of the key? I have the key file but when I
>      > use ktutils it is not working. Can you please provide one sample key file?
>      >
>
>     Should be the keytab file. Never tried this. See the wireshark documentation.
>     Bye.
>
>
>
>      > Thanks,
>      >
>      >
>      >
>      > On Wed, Jul 18, 2012 at 7:23 PM, Douglas E. Engert <deengert at anl.gov> wrote:
>      >
>      >>
>      >>
>      >> On 7/18/2012 7:09 AM, isshed wrote:
>      >>> Hi All,
>      >>>
>      >>> I have Kerberos wireshark/ethereal packets. I am not able to see the
>      >>> encrypted part of the data. Is there any way to decrypt the packets? Could
>      >>> you please let me know if there is any method/tool for the same?
>      >>
>      >> See: http://wiki.wireshark.org/Kerberos
>      >>
>      >> You must have the key, i.e. be the admin of the KDC or the server or the
>      >> client.
>      >>
>      >>
>      >>
>      >>
>      >>>
>      >>> Thanks.
>      >>> _______________________________________________
>      >>> krbdev mailing list krbdev at mit.edu
>      >>> https://mailman.mit.edu/mailman/listinfo/krbdev
>      >>>
>      >>>
>      >>
>      >> --
>      >>
>      >>    Douglas E. Engert  <DEEngert at anl.gov>
>      >>    Argonne National Laboratory
>      >>    9700 South Cass Avenue
>      >>    Argonne, Illinois  60439
>      >>    (630) 252-5444
>      >>
>      >>
>      >
>      >
>
>     --
>
>        Douglas E. Engert  <DEEngert at anl.gov>
>        Argonne National Laboratory
>        9700 South Cass Avenue
>        Argonne, Illinois  60439
>        (630) 252-5444
>
>
>
>

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



