Affinity CTF Lite 2020 - MISC

18 Nov 2020

Hello, i’m Omar again, yesterday i’ve Pwned Affinity CTF Lite 2020 I’ll start with the first category and it’s the Miscellaneous category. It’s have one challange ( for me but the category have DiscOrder, just take the flag from discord ) Let’s start with Shark has a long tail
With the given file, SharkHasALongTail.pcap It’s a pcap file, Anyone will open the file in wireshark,Me too, i’ll do the same. I literally tried everything, everything was normal. I Just noticed something very interesting, the TCP header length of all packets are under 255
which means it could be decimal. After some using of google & tshark documentation i get this command tshark -r SharkHasALongTail.pcap -T fields -e tcp.len i used it on the file. and the output was

Copy it and paste into cyberchef and choose Decimal recipe.
The flag is AFFCTF{TCPDUMP_Never_Disappoints}