Download mypcap.pcap

Spoiler Command:

bash 5 lines
tshark -r mypcap.pcap -Tfields -e data \
    | cut -c -2 \
    | sed ':a;N;$!ba;s/\n/ /g' \
    | sed 's/ //g' \
    | xxd -r -p
  1. tshark -r mypcap.pcap -Tfields -e data uses tshark to read the pcap file and output only the packet data field in hexadecimal.
  2. cut -c -2 takes only the first two characters of each line, which is typically the first byte of each packet’s data.
  3. sed ':a;N;$!ba;s/\n/ /g' joins all lines into a single line, separating them with spaces.
    • :a creates a label for the loop.
    • N appends the next line to the pattern space.
    • $!ba branches back to the label a until the end of the file.
    • s/\n/ /g replaces all newline characters with spaces.
  4. sed 's/ //g' removes all spaces, resulting in a continuous hex string.
  5. xxd -r -p converts the hex string back into its original binary form.
    • r means reverse operation (from hex to binary).
    • -p means plain hexdump style (no whitespace).
Click to reveal the final flag
flag 1 lines
FLAG-GoodJobReadingTheNetwork

Download main64.exe

Use strings | grep FLAG on the binary at the beginning to get the flag.

Click to reveal the final flag
flag 1 lines
FLAG-GoodJobOnRebOnReadingBins!

Remove the duplicate part (“JobOnReading”) to get the correct flag.

Click to reveal the final flag
flag 1 lines
FLAG-GoodJobOnReadingBins!