Decrypt Kerberos traffic with Wireshark using exported keytab

Hey everyone,

For two days in a row now, I have spent hours trying to decrypt Kerberos traffic using Wireshark.

For learning purposes, I want to be able to read the encrypted parts of tickets and authenticators inside Wireshark.

I know it's possible, and Wireshark supplies an option to import a keytab file.

I read about a tool named ktexport, but I searched all over and it is nowhere to be found.

So I tried ktpass, but it seems like it is not meant for that purpose, and it didn't work for me anyhow.

My last resort was Wireshark's Kerberos examples, which come with a keytab file, but they are not working either.

Can anyone help me?