Points: 50 Category: Forensics
Can you find the flag? shark1.pcapng.
I opened shark1.pcapng with Wireshark. I followed the TCP stream:
Stream 5 (tcp.stream eq 5) contained something that looked promising
Gur synt vf cvpbPGS{c33xno00_1_f33_h_qrnqorrs}
After decoding that with ROT13, the flag was revealed.
picoCTF{p33kab00_1_s33_u_deadbeef}