its fun

HINT => that file must be opened somehow with wireshark

it's really hard , if i didn't read the comments i wouldn't solve it

nice

friendly hint: Zm9sbG93IG1lIG9uIHQubWUvcmV6bm92MHg=

its not that difficult when you know what you searching for , its a "ENCODED" message , Regex will be your hero .

it's all solved with base64 (:

i love base64

Great challenge

Hint: Change the extension to .pcap (Wireshark extension)

strings capture.pcap | grep -i "GET /" and the rest is on you.

Just don't overthink it its pretty much in plain sight. You just have to GET it right.

i just solved it with manual filter, but i have one question. how we know when filter to http or udp or tcp or etc? where's found this clue?

you should read some networking stuff

HTTP is the application level protocol, so this can contain the meaningful information for us. In contrast, TCP/UDP chunks that information and create packets which is not very meaningful. As in this case you're looking for a flag, it's only possible that application layer protocols will contain the whole information.

Thank you, this comment was really helpful!

Quite hard, but doable (but not easy, at least medium IMO) Hint1: TG9hZCB0aGUgZG93bmxvYWRlZCBmaWxlIGluIHdpcmVzaGFyaw== Hint2: TG9vayBmb3IgR0VUIHBhY2thZ2VzIChwYXkgYXR0ZW50aW9uIHRvIHRoZSBtZXNzYWdlcykg Hint 3: VGhlIG1lc3NhZ2UgaXMgQmFzZTY0IGVuY29kZWQ=

thanks found it

Thanks for Base64 encoding your hints. SW4gV2lyZXNoYXJrIEkgdXNlZCAidGNwLnN0cmVhbSBlcSAwIiBhbmQgY2hhbmdlZCB0aGUgbnVtYmVyIDAgdW50aWwgSSBmb3VuZCB0aGUgbWVzc2FnZSBvZiBpbnRlcmVzdA==

Thanks for Base64 encoding your hints. SW4gV2lyZXNoYXJrIEkgdXNlZCAidGNwLnN0cmVhbSBlcSAwIiBhbmQgY2hhbmdlZCB0aGUgbnVtYmVyIDAgdW50aWwgSSBmb3VuZCB0aGUgbWVzc2FnZSBvZiBpbnRlcmVzdA==