Wireshark-users: [Wireshark-users] TShark -T fields and kerberos decryption
From: Guy Shtub <guy@xxxxxxxxxxxxxxxxxxxx>
Date: Sun, 19 Jul 2009 11:32:56 +0200
Hi,
I'm using TShark to capture SMB packets, using the "-T fields" flag to get specific fields of the packets that interest me.
I'm able to decrypt Kerberos (krb5) using a keytab file.
I cannot find a way to get the decrypted Client Name (Principal) when using the -T fields option.
If I run TShark in verbose mode -V I can get the client name.
If I run it with -x mode to display all bytes, I get all the bytes encrypted followed by all the bytes decrypted.

Is there a way to get just the client name field decrypted with the -T fields option?

Regards,
Guy.