Tags: misc networking
Open `Data.pcapng` in Wireshark. You see a few ARP requests at the beginning (not surprising) to resolve the MAC addresses, and then a lot of TCP segments. We are interested in the segments that have an actual payload, so we use the following filter: `tcp.flags.push==1`. We see that each of the resulting segments has only 1 byte of payload. We reassemble all the bytes, and we get `VGhlIGZsYWcgaXMtPiBCMXRfYnlfQjF0X3YxYV9uYwo=`. We base64 decode it, and we get `The flag is-> B1t_by_B1t_v1a_nc`.
Indeed, too easy.