Wireshark-users: [Wireshark-users] Decrypting a PCAP of DES 64 Encrypted Telnet Traffic
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "joseph@xxxxxxxxxxxxx" <joseph@xxxxxxxxxxxxx>
Date: Tue, 24 Apr 2012 17:19:05 -0500 (CDT)

I am trying my hand at the latest HoneyNet Challenge: http://www.honeynet.org/node/829

It requires an analysis of a PCAP file.  The traffic appears to be telnet, but encrypting using DES.

I am assuming based on my searching so far using this RFC Draft: http://tools.ietf.org/html/draft-tso-telnet-enc-des-cfb-03

 

It reads in the draft that the IV is sent in the clear. Looking into the PCAP I do not see the actual command mentioned in the RFC  "CFB64_IV"

 

So I am wondering if Wireshark has a way for me to extract that IV and use it to decrypt the remaining traffic via a replay. Any feedback is appreciated.