Posts tagged with wireshark

picoCTF 2019 - shark on wire 2

Posted on October 9, 2019* in ctf-writeups

We are given a packet capture with little description of what to look for. While looking through the UDP streams, I came across two packets with the text start and end within in the data section:

Packet 1104:

Packet 1303:

The only bytes changing between the start packet (#1104) and the next UDP packet (#1106) were the data field, checksums, and the source port. I noticed that the difference between the source ports of these two packets (5112 - 5000 = 112) was the ASCII code for the letter p. I repeated this for all the UDP packets (excluding MDNS queries) and found the following numbers:

Continue Reading
Switch to Dark Mode
Switch to Light Mode