Once you have captured packets you can use Wireshark to analyze them in many case decryption of traffic is needed in order to analyze correctly an exchange.
How to Extract a keytab containing your domain's passwords
There are two ways to obtain a keytab from an Active Directory Domain with Samba:
To use samba4, it needs to be a domain controller for your domain. If it's not already the case check how to join Samba4 as domain controller.
Then, to extract the keytab run
samba-tool domain exportkeytab PATH_TO_KEYTAB
It will write out a keytab in PATH_TO_KEYTAB containing the current keys for every host and user.
To dump a keytab, join the domain and then run:
net rpc vampire keytab /path/to/keytab/file -I <ip_domain_controller> -U user_with_admin_rights
Note that the path to the keytab file needs to be an absolute path, in some situations you might need to append @domain.tld at the administrative username