We’re told to “Find the flag in the network traffic” and given a .pcap network traffic capture file. Let’s open Wireshark to see what we get. On opening the capture, we find multiple UDP, TCP and HTTP packets.

Let’s apply the first hack in the forensics Wireshark playbook: Follow the TCP Stream (select a TCP packet and press Ctrl+Alt+Shift+T). On following the TCP stream we get a GET request for the file flag.txt, and at the end of the request we can see Base64-encoded text that looks like our flag: RGF3Z0NURntuMWMzX3kwdV9mMHVuZF9tM30=

Let’s decode it: DawgCTF{n1c3_y0u_f0und_m3}. We got our flag!
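
The same step done in a script, as an added example that is not part of the original writeup: it scans text saved from Follow TCP Stream for Base64-looking strings and keeps only those that decode cleanly to printable ASCII. The function name and the sample request are constructed for illustration; only the encoded string comes from the capture.

```python
import base64
import binascii
import re

# Runs of the Base64 alphabet (16+ characters) with optional '=' padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

# Constructed sample of a followed TCP stream; the headers are made up,
# the trailing Base64 string is the one seen in the challenge capture.
SAMPLE_STREAM = (
    "GET /flag.txt HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: constructed-client/1.0\r\n"
    "Accept: */*\r\n"
    "\r\n"
    "RGF3Z0NURntuMWMzX3kwdV9mMHVuZF9tM30="
)


def find_base64_strings(stream_text):
    """Return (token, decoded_text) pairs for Base64 tokens in stream_text
    that decode to printable ASCII."""
    hits = []
    for token in B64_TOKEN.findall(stream_text):
        if len(token) % 4 != 0:
            continue  # incomplete Base64 quantum, likely an ordinary word or path
        try:
            raw = base64.b64decode(token, validate=True)
            text = raw.decode("ascii")
        except (binascii.Error, ValueError):
            continue  # bad padding/alphabet, or decoded bytes are not ASCII
        if all(32 <= ord(ch) < 127 for ch in text):
            hits.append((token, text))
    return hits


if __name__ == "__main__":
    for token, text in find_base64_strings(SAMPLE_STREAM):
        print(f"{token} -> {text}")
```
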

View the full writeup [here](https://github.com/abhichitkara/DawgCTF20-Writeups/blob/master/DawgCTF%20Writeups.pdf)