i want to ask about wireshark, where is the flag usually hide in wireshark? what filter should we do?

I found the message package by a pure accident

Great

thanks i learned another skill

its fun

HINT => that file must be opened somehow with wireshark

it's really hard , if i didn't read the comments i wouldn't solve it

nice

friendly hint: Zm9sbG93IG1lIG9uIHQubWUvcmV6bm92MHg=

strings capture.pcap | grep -i "GET /" and the rest is on you.

Just don't overthink it its pretty much in plain sight. You just have to GET it right.

Quite hard, but doable (but not easy, at least medium IMO) Hint1: TG9hZCB0aGUgZG93bmxvYWRlZCBmaWxlIGluIHdpcmVzaGFyaw== Hint2: TG9vayBmb3IgR0VUIHBhY2thZ2VzIChwYXkgYXR0ZW50aW9uIHRvIHRoZSBtZXNzYWdlcykg Hint 3: VGhlIG1lc3NhZ2UgaXMgQmFzZTY0IGVuY29kZWQ=

thanks found it

Thanks for Base64 encoding your hints. SW4gV2lyZXNoYXJrIEkgdXNlZCAidGNwLnN0cmVhbSBlcSAwIiBhbmQgY2hhbmdlZCB0aGUgbnVtYmVyIDAgdW50aWwgSSBmb3VuZCB0aGUgbWVzc2FnZSBvZiBpbnRlcmVzdA==

Thanks for Base64 encoding your hints. SW4gV2lyZXNoYXJrIEkgdXNlZCAidGNwLnN0cmVhbSBlcSAwIiBhbmQgY2hhbmdlZCB0aGUgbnVtYmVyIDAgdW50aWwgSSBmb3VuZCB0aGUgbWVzc2FnZSBvZiBpbnRlcmVzdA==

i just solved it with manual filter, but i have one question. how we know when filter to http or udp or tcp or etc? where's found this clue?

you should read some networking stuff

HTTP is the application level protocol, so this can contain the meaningful information for us. In contrast, TCP/UDP chunks that information and create packets which is not very meaningful. As in this case you're looking for a flag, it's only possible that application layer protocols will contain the whole information.

Thank you, this comment was really helpful!