Wireshark doo dooo do doo...

Problem

Can you find the flag? shark1.pcapng.

Solution

  1. 1.
    Open the file in wireshark and type in tcp.stream eq 5 to get the 5th TCP stream.
  2. 2.
    Right click any entry, click follow, and then click "TCP Stream."
  3. 3.
    The flag will now be shown, but it is encoded: Gur synt vf cvpbPGS{c33xno00_1_f33_h_qrnqorrs}
  4. 4.
    We can decode the flag by passing it through ROT13 since this is a basic Caesar's cipher. You can decode ROT13 using CyberChef, for instance.

Flag

picoCTF{p33kab00_1_s33_u_deadbeef}