Forensics – Shark on wire 2

Shark on Wire 2 - 300pt

Challenge

We found this packet capture. Recover the flag that was pilfered from the network. You can also find the file in /problems/shark-on-wire-2_0_3e92bfbdb2f6d0e25b8d019453fdbf07.

Hints

(none)

Solution

If you open capture.pcap with Wireshark and follow the 6th UDP stream, you'll find the flag of the previous level. If you follow any other stream, you'll find nothing of use.

However, if you filter traffic directed towards port 22, you'll notice that the first packet sent contains "start" and the last contains "end". Also, the packets in between are all sent from ports different from 5000.

If you put these port numbers into a list and subtract 5000 from each of them, you'll get a list of ASCII codes. Decode this list and you'll get the flag.

picoCTF{p1LLf3r3d_data_v1a_st3g0}
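The same steps without Wireshark, as an added example that is not part of the original write-up: a small classic-pcap parser that collects the source ports of packets sent to port 22 between the "start" and "end" markers and decodes them. It assumes the traffic is UDP over IPv4 in a little-endian classic pcap file; the function names are hypothetical, and `SAMPLE` is a constructed capture carrying a made-up message, not the challenge file.

```python
import struct

def udp_frame(sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def build_pcap(frames):
    """Classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def udp_to_port(pcap, dport):
    """Yield (source_port, payload) for every IPv4/UDP packet sent to dport."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4/UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) >= 8:
            sport, dst = struct.unpack_from("!HH", udp, 0)
            if dst == dport:
                yield sport, udp[8:]

def decode_source_ports(pcap, dport=22, base=5000):
    """Between the "start" and "end" markers, map (source port - base) to ASCII."""
    chars, active = [], False
    for sport, payload in udp_to_port(pcap, dport):
        if b"start" in payload:
            active = True
        elif b"end" in payload:
            break
        elif active and 32 <= sport - base < 127:
            chars.append(chr(sport - base))
    return "".join(chars)

# Constructed capture: the message and the noise packet are made up for this example.
SECRET = "demo{ports}"
SAMPLE = build_pcap([udp_frame(5000, 22, b"start")]
    + [udp_frame(5000 + ord(c), 22, b"data") for c in SECRET]
    + [udp_frame(5099, 8888, b"noise"), udp_frame(5000, 22, b"end")])
```

To run it against a real capture, pass the file's bytes to `decode_source_ports`. The printable-range check drops packets sent from port 5000 itself, which would otherwise decode to a NUL byte.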
