I found the message package by a pure accident
Great
friendly hint: Zm9sbG93IG1lIG9uIHQubWUvcmV6bm92MHg=
thanks found it
HTTP is the application level protocol, so this can contain the meaningful information for us. In contrast, TCP/UDP chunks that information and create packets which is not very meaningful. As in this case you're looking for a flag, it's only possible that application layer protocols will contain the whole information.
2 months ago
i want to ask about wireshark, where is the flag usually hide in wireshark? what filter should we do?