CloudShark Support

Kerberos Decryption in CloudShark

Kerberos Decryption

CloudShark can decode Kerberos packets using a Kerberos keytab file. When a Kerberos keytab is available, CloudShark consults this file to see whether any encrypted Kerberos traffic can be decrypted.

Generating a Keytab File

Creation of the Kerberos keytab file is documented on the Wireshark Kerberos Wiki.

Decode Options

Kerberos decryption is enabled by adding the following entries to your decode options:

kerberos.file: <path to key tab file>
kerberos.decrypt: TRUE

For example,

kerberos.file: /home/cloudshark/krb5/816.keytab
kerberos.decrypt: TRUE

Sample Kerberos captures

A sample Kerberos capture file is available on cloudshark.org. You can download the Kerberos capture file directly here. You can also download the Kerberos keytab file for this capture here.

Important!

Make sure you follow the instructions on updating the decode options when adding the new Kerberos entries! CloudShark may need to be restarted to see the new decryption results.

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.
