In this challenge, we start with a network capture and need to find which `SSH` version was eventually compromised by a brute-force attack.
Let's read the capture with `tshark`:
```sh
tshark -r PCAP02.pcapng
```
The capture contains a lot of packets across different protocols. We are looking for `SSH`, so let's filter the output with a display filter:
```sh
tshark -r PCAP02.pcapng -Y "ssh"
```
Now we can reduce the number of packets further by filtering with `grep` to keep only the `SSH` version strings:
```sh
tshark -r PCAP02.pcapng -Y "ssh" | grep SSH-
```
We have the version `SSH-2.0-9.29 FlowSsh: Bitvise SSH Server (WinSSHD) 9.29`, so let's try the flag `flag{SSH-2.0-9.29 FlowSsh: Bitvise SSH Server (WinSSHD) 9.29}`.
And here we are, the challenge is validated!
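
The `grep SSH-` step above mixes client and server identification strings. As an added example (not part of the original write-up), this script tallies banners per sender and labels each as client or server, so the server version stands out. The sample lines, the IP addresses and the client banners are constructed, and it assumes the server listens on TCP port 22.

```sh
#!/bin/sh
# Constructed sample, in the tab-separated shape produced by:
#   tshark -r PCAP02.pcapng -Y "ssh.protocol" -T fields \
#          -e ip.src -e tcp.srcport -e ssh.protocol
# Columns: source IP, source port, SSH identification string.
sample_banners() {
    srv='SSH-2.0-9.29 FlowSsh: Bitvise SSH Server (WinSSHD) 9.29'
    for port in 50112 50113 50114; do
        # One repeated client reconnecting from new source ports.
        printf '192.0.2.10\t%s\tSSH-2.0-libssh2_1.10.0\n' "$port"
        printf '198.51.100.7\t22\t%s\n' "$srv"
    done
    printf '192.0.2.20\t41000\tSSH-2.0-OpenSSH_8.9p1\n'
    printf '198.51.100.7\t22\t%s\n' "$srv"
}

# Reads such lines on stdin and prints
#   count <TAB> role <TAB> ip <TAB> banner
# sorted with the most frequent sender first.
# Assumption: a banner sent from SSH_PORT (default 22) is the server's.
summarize_banners() {
    awk -F '\t' -v port="${SSH_PORT:-22}" '
        NF >= 3 && $3 ~ /^SSH-/ {
            sub(/\r$/, "", $3)                 # drop a trailing CR if present
            role = ($2 == port) ? "server" : "client"
            seen[role "\t" $1 "\t" $3]++
        }
        END { for (k in seen) printf "%d\t%s\n", seen[k], k }
    ' | LC_ALL=C sort -t "$(printf '\t')" -k1,1nr -k2,2 -k3,3
}

# Prints only the distinct server-side version strings.
server_banners() {
    summarize_banners | awk -F '\t' '$2 == "server" { print $4 }' | LC_ALL=C sort -u
}

# Demo on the constructed sample; pipe real tshark output in instead.
sample_banners | summarize_banners
```

Against the real capture, replace `sample_banners` with the `tshark` command from the comment and pipe it into `summarize_banners` or `server_banners`.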