Download the pcap file and open it in wireshark. download it if you do not have it installed.

check the first few packets and analyze the data

find the packet sending the data, you will notice TCP and Modbus

only the Modbus packets contain the flag


writeup at on my medium

Original writeup (https://medium.com/@prince0f4llsaiyanz/tenable-ctf-2022-strange-packets-forensics-a467e054eeb6).