Download the packet capture file and use packet analysis software to find the flag.
- Download packet capture
wget https://artifacts.picoctf.net/c/196/network-dump.flag.pcap
I first just tried to run strings before even running it in Wireshark and I saw the flag.
strings network-dump.flag.pcap
The flag is on the 8th line so I used sed to get just the 8th line.
strings network-dump.flag.pcap | sed -n "8p"
Then I used tr to get rid of all the spaces.
strings network-dump.flag.pcap | sed -n "8p" | tr -d " "
This line gives just the flag with no spaces.
Flag: picoCTF{p4ck37_5h4rk_01b0...}
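The strings approach works because the flag sits as plain text in a TCP payload. As an added example (not part of the original writeup), this Python sketch reads the payloads directly and matches the picoCTF{...} pattern instead of relying on line 8. It assumes a classic pcap file with Ethernet/IPv4/TCP frames; the function names and the sample capture are constructed for illustration.

```python
import re
import struct

FLAG_RE = re.compile(rb"picoCTF\{[^}]*\}")

def tcp_payloads(pcap: bytes):
    """Yield the TCP payload of each Ethernet/IPv4/TCP frame in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("unsupported capture format (expected classic pcap)")
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, offset + 8)[0]
        frame = pcap[offset + 16 : offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # EtherType IPv4 only
            continue
        ihl = (frame[14] & 0x0F) * 4                          # IP header length
        total_len = struct.unpack_from("!H", frame, 16)[0]    # trims Ethernet padding
        tcp = frame[14 + ihl : 14 + total_len]
        if frame[23] != 6 or len(tcp) < 20:                   # IP protocol 6 = TCP
            continue
        payload = tcp[(tcp[12] >> 4) * 4 :]                   # skip TCP header/options
        if payload:
            yield payload

def find_flags(pcap: bytes):
    """Return flags found in TCP payloads after removing spaces (like tr -d ' ')."""
    flags = []
    for payload in tcp_payloads(pcap):
        flags += [m.decode() for m in FLAG_RE.findall(payload.replace(b" ", b""))]
    return flags

def build_sample_pcap(payload: bytes) -> bytes:
    """Constructed one-packet capture so the example runs without the challenge file."""
    tcp = struct.pack("!HHIIBBHHH", 48750, 9000, 1, 1, 5 << 4, 0x18, 64240, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    sample = build_sample_pcap(b"p i c o C T F { c o n s t r u c t e d _ f l a g }\n")
    print(find_flags(sample))
```

To run it on the downloaded capture, pass the file's bytes to find_flags, for example find_flags(open("network-dump.flag.pcap", "rb").read()).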