Tags: python_scapy 

## Challenge Description
```
a cat in space, eating a croissant, while starting a revolution.
MD5 (chall.jpg.pcap) = 8408b3176d9f974c03f919d36d48770a
```
## Challenge Solution
We're provided with a pcap file, `chall.jpg.pcap`. When I opened it in Wireshark, there were roughly 240000 ICMP type 8 Echo (ping) request packets, each carrying 1 byte of data. The first two packets carried FF D8 and the last two FF D9, the JPEG start-of-image and end-of-image markers, which hints at a JPEG image file. This means that if we extract the 1-byte payload from each packet and write the bytes to a file in order, we should get a JPG image. Here is a Python script for that:
```py
from scapy.all import rdpcap, ICMP
import binascii

# Read pcap file
packets = rdpcap("chall.jpg.pcap")

# Initialize empty hex string
hexdump = ""

for packet in packets:
    # Check if packet is an ICMP Echo (ping) request
    if packet.haslayer(ICMP) and packet[ICMP].type == 8:
        # Extract the payload byte as hex: b'\xff'.hex() == 'ff'
        hexbyte = packet.load.hex()
        # Append it to the hex string: 'ff' + 'd9' == 'ffd9'
        hexdump += hexbyte

# Convert hex string to binary data: 'ffd9' => b'\xff\xd9'
# (equivalent to bytes.fromhex(hexdump))
binary_data = binascii.unhexlify(hexdump)

# Write binary data to .jpg file
with open("flag.jpg", "wb") as f:
    f.write(binary_data)

print("Image written to flag.jpg")
```
We can improve the script above by removing unnecessary lines. For instance, we don't have to check whether each packet is an ICMP Echo (ping) request; the check only slows the process down.
```py
#!/usr/bin/env python3
from scapy.all import rdpcap

packets = rdpcap("chall.jpg.pcap")
bytedata = b''

# Concatenate the raw payload of every packet in capture order
for packet in packets:
    bytedata += packet.load

with open('flag.jpg', 'wb') as file:
    file.write(bytedata)
```

If we open up flag.jpg we'll get the flag: `shctf{look_at_da_kitty}`
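
For readers who want to see what `rdpcap` and `packet.load` do underneath, here is an added example (not part of the original writeup) that does the same extraction with only the standard library. It goes a little further than the scripts above: it skips non-echo-request packets, trims Ethernet padding using the IP total length, and checks the JPEG markers. The function names and the tiny in-memory capture are constructed for illustration; it assumes a classic little-endian pcap with Ethernet framing.

```python
import struct

def extract_icmp_payload(pcap: bytes) -> bytes:
    """Concatenate ICMP echo-request payloads, in capture order, from a classic pcap."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian pcap with Ethernet link type")
    out, off = bytearray(), 24                       # 24-byte global header
    while off + 16 <= len(pcap):
        (incl_len,) = struct.unpack_from("<I", pcap, off + 8)
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len                         # 16-byte record header + frame
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue                                 # not IPv4 carrying ICMP
        ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length in bytes
        (total_len,) = struct.unpack_from("!H", frame, 16)
        icmp = 14 + ihl
        if len(frame) < icmp + 8 or frame[icmp] != 8:
            continue                                 # not an echo request (type 8)
        out += frame[icmp + 8 : 14 + total_len]      # IP length excludes Ethernet padding
    return bytes(out)

def looks_like_jpeg(data: bytes) -> bool:
    """True if data starts with the SOI marker (FF D8) and ends with EOI (FF D9)."""
    return data[:2] == b"\xff\xd8" and data[-2:] == b"\xff\xd9"

def make_frame(payload: bytes, icmp_type: int = 8) -> bytes:
    """Constructed frame: Ethernet + IPv4 + ICMP (checksums zeroed), padded to 60 bytes."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return (bytes(12) + b"\x08\x00" + ip + icmp).ljust(60, b"\x00")

def build_sample_pcap(frames) -> bytes:
    """Wrap constructed frames in a pcap global header and per-packet record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: four echo requests and one echo reply that must be ignored.
SAMPLE = build_sample_pcap([make_frame(b"\xff"), make_frame(b"\xd8"),
    make_frame(b"X", icmp_type=0), make_frame(b"\xff"), make_frame(b"\xd9")])

if __name__ == "__main__":
    data = extract_icmp_payload(SAMPLE)
    print(data.hex(), looks_like_jpeg(data))
```

To run it against the challenge file, pass `open("chall.jpg.pcap", "rb").read()` to `extract_icmp_payload` and write the result to `flag.jpg` once `looks_like_jpeg` returns `True`.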