Tags: scapy pcap scripting 


This challenge involved a pcap file that contained 26,682 ICMP packets, all with src/dst IPs of




Scrolling through the packets, some of the packets had a lot of trailing characters that were the same. I created a script to see if there was any pattern that emerged.


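#!/usr/bin/env python3

from scapy.all import rdpcap, Raw

packets = rdpcap('loopback.pcap')

rawlist = []

for i in packets:
    # str() of a bytes payload is its repr ("b'...'"), so x[-1] is the closing quote
    x = str(i[Raw].load)
    for k in range(5, 8):
        if x[-k] == x[-8]:
            # The body of this branch is missing from the page; collecting the
            # repeated character is assumed, since rawlist is read below.
            rawlist.append(x[-8])

# Keep every sixth collected character
flag = ""
new_rawlist = rawlist[::6]
for letter in new_rawlist:
    flag += str(letter)

print("The flag is: " + flag)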


This output the following:


The TestFlag is: PPPPPPNNNNNNGGGGGGrrnnnnrrIIIIIIHHHHHHDDDDDDRRRRRRrrrrrrqqqqqq888888ggggggAAAAAAMMMMMMAAAAAAaaaaaa ccccccHHHHHHRRRRRRMMMMMMzzzzzz&&&&&&uuuuuu000000``````::::::ppppppQQQQQQ<<<<<
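The script indexes into `str(i[Raw].load)`, which is the `b'...'` repr of the payload, so non-printable bytes become multi-character escapes such as `\r` or `\x89` and the negative indices no longer line up; the `P`, `N`, `G`, `r`/`n` and `I`, `H`, `D`, `R` runs in the output above are consistent with a PNG header read that way. The following is an added example, not code from the original writeup, that takes the trailing run from the raw bytes instead. The function names, the run-length threshold, the two copies per byte (assumed echo request plus reply) and the sample payloads are all constructed for illustration; with scapy the payloads would come from `pkt[Raw].load`.

```python
# Added example: recover one byte per ICMP payload from its trailing run,
# working on bytes rather than on str(bytes).
PNG_SIG = bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A])


def trailing_run(payload):
    """Return (byte value, run length) of the repeated byte ending the payload."""
    if not payload:
        return (-1, 0)
    last = payload[-1]
    n = 0
    for b in reversed(payload):
        if b != last:
            break
        n += 1
    return (last, n)


def extract(payloads, min_run=4, copies=1):
    """Collect the trailing byte of every payload whose run is >= min_run,
    then keep one of every `copies` consecutive entries (assumed duplicates)."""
    picked = bytearray()
    for p in payloads:
        value, run = trailing_run(p)
        if run >= min_run:
            picked.append(value)
    return bytes(picked[::copies])


def sample_payloads():
    """Constructed sample: each PNG signature byte carried twice after an
    8-byte prefix, plus one ordinary payload that has no trailing run."""
    out = []
    for i, b in enumerate(PNG_SIG):
        payload = bytes(range(i, i + 8)) + bytes([b]) * 8
        out += [payload, payload]
    out.insert(3, b"abcdefgh12345678")  # no run of 4+, so it is skipped
    return out


if __name__ == "__main__":
    data = extract(sample_payloads(), copies=2)
    print(data)              # raw bytes, non-printables intact
    print(len(str(data)))    # the repr is longer than the data it describes
```

Writing the result with `open(path, "wb")` rather than joining characters keeps bytes like `0x89` and `0x1a` that the string-based version drops.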