Petites notes

Category: Forensic

Points: 46

Description: How well do you know the PCAPng format?

Files: petites_notes.pcapng

TL;DR

Comments dispersed in HTTP packets allow us to reconstruct the flag.

Methodology

We start by opening the pcapng file in Wireshark and skimming through the packets. After a while we notice an interesting comment attached to an HTTP packet.

[Screenshot: first packet comment in Wireshark]

We then look through the capture for other packets with comments. There are several more, and together they lead us to the flag!

[Screenshot: second packet comment in Wireshark]

All we have to do is reconstruct the flag.
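
The same search can be done without Wireshark by reading the comments straight from the file. The following is an added example, not part of the original write-up: it walks the pcapng blocks and collects the opt_comment option (code 1) of every Enhanced Packet Block. It assumes a single-section capture; the sample capture with its part-1/part-2 comments is constructed, and the function names are hypothetical.

```python
import struct

EPB, OPT_END, OPT_COMMENT = 6, 0, 1   # Enhanced Packet Block, opt_endofopt, opt_comment

def pad4(n):
    return (n + 3) & ~3               # packet data and option values are 32-bit aligned

def packet_comments(data):
    """Return the opt_comment strings attached to packets, in capture order."""
    if data[:4] != b"\x0a\x0d\x0d\x0a":
        raise ValueError("not a pcapng file (no Section Header Block)")
    # The byte-order magic 0x1A2B3C4D, as stored on disk, gives the endianness.
    e = "<" if data[8:12] == b"\x4d\x3c\x2b\x1a" else ">"
    comments, off = [], 0
    while off + 12 <= len(data):
        btype, blen = struct.unpack_from(e + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"corrupt block length at offset {off}")
        if btype == EPB:
            body = data[off + 8:off + blen - 4]      # drop type and both length fields
            (caplen,) = struct.unpack_from(e + "I", body, 12)
            pos = 20 + pad4(caplen)                  # fixed fields + padded packet data
            while pos + 4 <= len(body):
                code, olen = struct.unpack_from(e + "HH", body, pos)
                if code == OPT_END:
                    break
                if code == OPT_COMMENT:
                    comments.append(body[pos + 4:pos + 4 + olen].decode("utf-8", "replace"))
                pos += 4 + pad4(olen)
        off += blen
    return comments

# --- constructed little-endian sample capture, not the challenge file ---
def _block(btype, body):
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def _epb(payload, comment=None):
    body = struct.pack("<5I", 0, 0, 0, len(payload), len(payload))
    body += payload.ljust(pad4(len(payload)), b"\0")
    if comment is not None:
        c = comment.encode()
        body += struct.pack("<HH", OPT_COMMENT, len(c)) + c.ljust(pad4(len(c)), b"\0")
        body += struct.pack("<HH", OPT_END, 0)
    return _block(EPB, body)

def build_sample():
    shb = _block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    idb = _block(1, struct.pack("<HHI", 1, 0, 0))    # LINKTYPE_ETHERNET, snaplen 0
    return (shb + idb + _epb(b"GET / HTTP/1.1", "part-1")
            + _epb(b"\0" * 5) + _epb(b"HTTP/1.1 200 OK", "part-2"))
```

On a real capture, pass the file's bytes to packet_comments() and join the returned fragments in order.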

FLAG_IS:

ECSC{cShle5dOKYBfjLNzT}