Exploring the tcp streams i found a conversation between two individuals with some interesting data.

We know the command to decrypt some file and that it's going to be sent again.

The stream 2 is what appears to be the encrypted file.

I saved it as raw because otherwise i would get a bunch of gibberish when i decrypted it.

Once saved i applied the command that was in the chat.

❯ openssl des3 -d -salt -in file.des3 -out file.txt -k supersecretpassword123
*** WARNING : deprecated key derivation used.
Using -iter or -pbkdf2 would be better.

❯ ls
 capture.flag.pcap  file.des3  file.txt

❯ cat file.txt

Original writeup (https://github.com/DoomHackCTF/WriteUps/blob/main/picoCTF2022/Forensics/Eavesdrop/README.md).