Wireshark-dev: [Wireshark-dev] wireshark and tshark -K option not sufficient to activate Kerber
This is a follow-on to an issue I posted last month, that I've now done some
more looking into.
Using Wireshark and Tshark 1.2.5 (the situation is the same in 1.2.6, and
looking at the code of 1.3.2 I don't think it's different there either),
I've tested the situation where there are no existing preferences defined
for Kerberos processing. That is, nothing is set in the user's home
"preferences" file.
Running either wireshark -K keytab-filename or tshark -K keytab-filename
does *not* result in successful Kerberos decoding. Using a 1.2.5 I built on
Linux, you have to use also specify that Kerberos decrypting is to take
place, like this:
tshark -o kerberos.decrypt:TRUE -K keytab-filename ...
This alternate form using only -o options also works:
tshark -o kerberos.decrypt:TRUE -o kerberos.file:keytab-filename ...
Without the "-o kerberos.decrypt:TRUE", the krb_decrypt variable inside
epan/dissectors/packet-kerberos.c never gets set to TRUE, and calls to the
Kerberos dissect and decode functions return at the top without doing
anything.
Shouldn't the -K option also imply that Kerberos decryption is desired? Why
would the user ever specify it otherwise? Shouldn't processing of the -K
option result in the krb_decrypt variable being set to TRUE?
Thanks,
Jonathan Schilling