Wireshark-users: [Wireshark-users] Kerberos
From: "j.snelders" <j.snelders@xxxxxxxxxx>
Date: Tue, 22 Dec 2009 12:34:33 +0100
Since the release of Wireshark 1.0.9 Kerberos traffic is not decrypted anymore.
The problem still exists in the latest version: 1.2.5.

Wireshark 1.2.5 contains the following dll's:
k5sprt32.dll
32KB
Date Modified: 10-06-2009
file version: 
- 1.6.3.16
- 1.6-kfw-3.2.2

krb5_32.dll
704KB
Date Modified: 10-06-2009
file version: 
- 1.6.3.16
- 1.6-kfw-3.2.2


The problem is solved, when you replace the dll's.
Download SB_Win_DLL_Pack.zip:
http://www.scriptbasic.org/download/SB_Win_DLL_Pack.zip
Copy k5sprt32.dll and krb5_32.dll to C:\Program Files\Wireshark
Open the capture file by double-clicking and the kerberos traffic is decrypted.

SB_Win_DLL_Pack.zip contains the following dll's:
(compare the file size to the "Wireshark" dll's)
k5sprt32.dll
20KB
Date Modified: 28-06-2009
file version: 
- 1.6.3.16
- 1.6-kfw-3.2.2

krb5_32.dll
620KB
Date Modified: 28-06-2009
file version: 
- 1.6.3.16
- 1.6-kfw-3.2.2

Is this problem related to bug 3521?

Another curious thing:
De packets stay ENcrypted, when you first start Wireshark and then select
File -> Open.

Thanks
Joan