~# cat Question

How about some hide and seek heh? Download this file and find the flag.

FILE: trace.pcap

This is a simple forensics challenge. Since there was a pcap file, I used Wireshark to view the packets. We can observe the most common protocol being used by going to Statistics 🡢 Protocol Hierarchy . We can see that the most exchanged packets is TCP.

Using the filter feature. inputting this filter, tcp contains "pico" we will get the flag located in the Hex Dump. Use this Wireshark Cheat Sheet.

Flag: picoCTF{P64P_4N4L7S1S_SU55355FUL_f621fa37}