This is a challenge from picoGym called Shark on Wire 1. The name suggests it's related to Wireshark.
You can find the challenge here
The challenge gave us a pcap file named capture.pcap. I opened it in Wireshark, and the packets were displayed.
I scrolled through for a bit, thinking about how to approach the analysis. I decided to focus on sorting by protocol to specifically identify TCP/UDP packets.
Many people would agree that remembering all the filters in Wireshark can be quite overwhelming. In today's age of AI tools like ChatGPT and Perplexity, I don't think one has to memorize them. I needed to find TCP/UDP streams, so I asked ChatGPT to write a filter query to locate individual UDP streams for me.
Luckily, ChatGPT gave me this:
udp.stream eq n
Here n is the index of the UDP stream.
I used the filter udp.stream eq 0 in the filter bar.
Right-click on the packet and select Follow to track the entire stream for this index.
Hmm, interesting. The streams have some values. I tried testing a few more by adjusting the index in the filter tab.
For udp.stream eq 1 we got this -
I began searching for additional streams by modifying the index, and to my surprise, I discovered this for udp.stream eq 5!
Now, at least I've confirmed that my approach was correct and it's yielding results to some degree. I persisted in investigating, and finding udp.stream eq 6 appeared to be a breakthrough.
Copied and pasted the flag as input and yes, the flag was accepted!
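Stepping through the udp.stream indexes by hand, as done above, can also be scripted. The following is an added example, not part of the original writeup: a small pure-Python pcap reader that groups UDP payloads per conversation and numbers them by first packet seen, the way the udp.stream index does. It assumes a classic pcap file with Ethernet and IPv4 and no IP fragmentation; the sample capture, addresses, ports and payloads are constructed and are not taken from capture.pcap.

```python
import struct

def udp_streams(pcap: bytes) -> list:
    """Payload per UDP conversation; list index mirrors Wireshark's udp.stream
    (numbered by first packet seen). Assumes Ethernet + IPv4, no fragments."""
    little = pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")
    e = "<" if little else ">"
    if struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET is handled")
    streams, off = {}, 24                      # 24-byte global header
    while off + 16 <= len(pcap):               # 16-byte per-packet header
        caplen = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                           # not IPv4/UDP
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if len(ip) < ihl + 8:
            continue                           # truncated UDP header
        sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
        # Both directions of a conversation share one stream index.
        key = frozenset([(ip[12:16], sport), (ip[16:20], dport)])
        streams.setdefault(key, bytearray()).extend(ip[ihl + 8:ihl + ulen])
    return [bytes(s) for s in streams.values()]

def _frame(src, dst, sport, dport, data):
    """Build one constructed Ethernet/IPv4/UDP frame (checksums left at 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def constructed_pcap() -> bytes:
    a, b = (10, 0, 0, 2), (10, 0, 0, 12)       # constructed addresses
    frames = [_frame(a, b, 5000, 8888, b"noise-"),
              _frame(a, b, 5001, 8990, b"example{"),
              _frame(b, a, 8888, 5000, b"reply"),
              _frame(a, b, 5001, 8990, b"constructed}")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for i, payload in enumerate(udp_streams(constructed_pcap())):
        print(f"udp.stream eq {i}: {payload!r}")
```

To run it on a real capture, pass the file's bytes to udp_streams() and scan the returned payloads for the flag format.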