DamoNeer@home:~$

UMDCTF 2021 - Roy's Randomness | Steg

Roy’s Randomness

Roy found some suspicious network traffic, wireshark shows so many errors with it! Can you figure out what’s happening?

Downloadable file: network traffic

Solution

image

There are only three types of packets: SYN, RST, and PSH. If we assume a PSH packet marks a pause between characters, the groups between pauses are between 4 and 5 packets long, which could be Morse code. (Please note that Wireshark did the color coding by default. It was not my doing.)

Assuming SYN is a dot and RST is a dash, I get output that appears to be hexadecimal. Once I convert it from hex to ASCII, I get the flag!
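The decoding steps above, written out as an added example (not code from the original writeup). It assumes the TCP flags byte of each packet has already been extracted in capture order; the `encode` helper and the sample message are constructed here so the script runs without the challenge file.

```python
# TCP flag bits as they appear in the flags byte of the TCP header
SYN, RST, PSH = 0x02, 0x04, 0x08

# Morse table limited to the hex alphabet, since the decoded text is hex
MORSE = {
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
    ".-": "a", "-...": "b", "-.-.": "c", "-..": "d", ".": "e", "..-.": "f",
}

def flags_to_morse(flags):
    """Map SYN -> '.', RST -> '-', PSH -> character break; return Morse groups."""
    groups, current = [], ""
    for f in flags:
        if f & PSH:            # checked first so PSH+ACK also counts as a break
            if current:
                groups.append(current)
            current = ""
        elif f & RST:
            current += "-"
        elif f & SYN:
            current += "."
        else:
            raise ValueError(f"unexpected TCP flags 0x{f:02x}")
    if current:                # capture may end without a trailing PSH
        groups.append(current)
    return groups

def decode(flags):
    """Flags -> Morse -> hex digits -> ASCII text."""
    hex_text = "".join(MORSE[g] for g in flags_to_morse(flags))
    return bytes.fromhex(hex_text).decode("ascii")

def encode(text):
    """Hypothetical helper: build a constructed flag sequence for testing."""
    reverse = {v: k for k, v in MORSE.items()}
    out = []
    for digit in text.encode("ascii").hex():
        out += [SYN if s == "." else RST for s in reverse[digit]] + [PSH]
    return out

# Constructed sample, not the challenge capture
SAMPLE = encode("example")

if __name__ == "__main__":
    print(" ".join(flags_to_morse(SAMPLE)))
    print(decode(SAMPLE))
```

For a real capture, the flag values can be exported with `tshark -r <capture> -T fields -e tcp.flags` and parsed with `int(value, 16)` before being passed to `decode`.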
