Wireshark mailing list archives
wireshark and tshark -K option not sufficient to activate Kerberos decoding
From: "Jonathan Schilling" <jschilling () niksun com>
Date: Tue, 16 Feb 2010 10:45:39 -0500
This is a follow-on to an issue I posted last month, that I've now done some more looking into.

Using Wireshark and Tshark 1.2.5 (the situation is the same in 1.2.6, and looking at the code of 1.3.2 I don't think it's different there either), I've tested the situation where there are no existing preferences defined for Kerberos processing. That is, nothing is set in the user's home "preferences" file.

Running either

    wireshark -K keytab-filename

or

    tshark -K keytab-filename

does *not* result in successful Kerberos decoding. Using a 1.2.5 I built on Linux, you also have to specify that Kerberos decrypting is to take place, like this:

    tshark -o kerberos.decrypt:TRUE -K keytab-filename ...

This alternate form using only -o options also works:

    tshark -o kerberos.decrypt:TRUE -o kerberos.file:keytab-filename ...

Without the "-o kerberos.decrypt:TRUE", the krb_decrypt variable inside epan/dissectors/packet-kerberos.c never gets set to TRUE, and calls to the Kerberos dissect and decode functions return at the top without doing anything.

Shouldn't the -K option also imply that Kerberos decryption is desired? Why would the user ever specify it otherwise? Shouldn't processing of the -K option result in the krb_decrypt variable being set to TRUE?

Thanks,

Jonathan Schilling

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-dev