SIV Pipeline Forensics Group 4
SilentSignal.pcap
All of the traffic appears to be ICMP echo (ping) requests.
There are 28 almost identical ping requests.
Extract with tshark and inspect all fields:
➜ tshark -r SilentSignal.pcap -T json > SilentSignal.json
The only difference between the packets is the delta time. Converting the first delta to a character gives S, which is the first character of the flag, so every delta is decoded the same way:
➜ (tshark -r SilentSignal.pcap -T fields -e frame.time_delta | % { [char][int]$_ }) -join ''
SVBRG{tim3_tr4v3l_v1a_p1ng}
Flag: SVBRG{tim3_tr4v3l_v1a_p1ng}
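The same decoding without tshark, as an added example that is not part of the original writeup: it reads the per-packet timestamps straight from a classic pcap file, rounds each inter-packet gap to whole seconds, and checks whether the gaps all fall in the printable ASCII range. The capture is constructed in memory with a made-up message (`CTF{demo}`), and all function names are hypothetical.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, little-endian, microsecond timestamps

def encode_times(message, start_us=1_700_000_000_000_000, jitter_us=4000):
    """Constructed sender: gap i is ord(message[i]) seconds, +/- a little jitter."""
    times = [start_us]
    for i, ch in enumerate(message):
        times.append(times[-1] + ord(ch) * 1_000_000 + (jitter_us if i % 2 else -jitter_us))
    return times

def build_pcap(times_us, payload=b"\x00" * 8):
    """Constructed capture: identical packet bytes, only the timestamps differ."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for t in times_us:
        sec, usec = divmod(t, 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return out

def read_timestamps(pcap_bytes):
    """Return each packet's capture time in microseconds."""
    buf = io.BytesIO(pcap_bytes)
    if struct.unpack("<I", buf.read(4))[0] != PCAP_MAGIC:
        raise ValueError("unsupported capture format")
    buf.seek(24)  # skip the rest of the 24-byte global header
    times = []
    while len(hdr := buf.read(16)) == 16:
        sec, usec, incl_len, _orig_len = struct.unpack("<IIII", hdr)
        buf.seek(incl_len, io.SEEK_CUR)  # packet contents carry no information here
        times.append(sec * 1_000_000 + usec)
    return times

def gaps_seconds(times_us):
    """Inter-packet gaps rounded to whole seconds; the first packet has no gap."""
    return [round((b - a) / 1_000_000) for a, b in zip(times_us, times_us[1:])]

def decode(times_us):
    return "".join(chr(g) for g in gaps_seconds(times_us))

def looks_like_timing_channel(times_us):
    """Heuristic: every gap rounds to a printable ASCII code (32..126)."""
    gaps = gaps_seconds(times_us)
    return bool(gaps) and all(32 <= g <= 126 for g in gaps)

SAMPLE = build_pcap(encode_times("CTF{demo}"))  # constructed, not the challenge file

if __name__ == "__main__":
    times = read_timestamps(SAMPLE)
    print(looks_like_timing_channel(times), decode(times))
```

tshark reports a `frame.time_delta` of 0 for the first frame, so N packets carry N-1 symbols; the example drops that leading value by working on gaps between consecutive packets.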