WHAMazon! Network 1 - It's on the wires

Extracting a plaintext flag from a packet capture by running strings, no Wireshark required!

It's on the wires

Challenge Description

We put a logger on the network - maybe we can find something that can help!

Flag: Raptor{l33t_lyf3_4_M3}

Provided: random_traffic.pcapng


Solution

Before reaching for Wireshark or tshark, it's always worth checking whether the answer is sitting in plaintext:

strings random_traffic.pcapng

Scrolling through the output, a mix of protocol headers, garbage bytes, and printable fragments, turned up the flag:

Raptor{l33t_lyf3_4_M3}

Done.


Key Takeaways

strings is the right first move on any binary file. It's fast, requires no specialist tooling, and catches anything transmitted in plaintext, which in a network capture includes unencrypted protocols like HTTP, FTP, Telnet, DNS, and plain SMTP. If the flag is anywhere in cleartext traffic, strings will surface it before you've even opened Wireshark.

The flip side: if strings comes up empty, the data is either encrypted, encoded, or fragmented across packets in a way that needs proper reassembly. That's when you reach for the heavier tools.
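
As an added example (not part of the original writeup), the sketch below does the same printable-run scan in Python and filters for the flag format. It goes one step beyond plain strings by also checking UTF-16LE text and base64 runs, two of the "encoded" cases where a default strings pass comes up empty. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# Flag format taken from this challenge; adjust for other events.
FLAG_RE = re.compile(rb"Raptor\{[^}]{1,64}\}")
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

def ascii_runs(data, min_len=4):
    """Printable ASCII runs of at least min_len bytes (what plain `strings` reports)."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)

def utf16le_runs(data, min_len=4):
    """Printable characters stored as 16-bit little-endian (what `strings -e l` reports)."""
    pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
    return [m.replace(b"\x00", b"") for m in re.findall(pattern, data)]

def find_flags(data):
    """Return (where, flag) pairs for flags in plain, UTF-16LE or base64 form."""
    hits = []
    for where, runs in (("ascii", ascii_runs(data)), ("utf16le", utf16le_runs(data))):
        for run in runs:
            hits += [(where, f.decode("ascii", "replace")) for f in FLAG_RE.findall(run)]
            for blob in B64_RUN.findall(run):
                try:
                    decoded = base64.b64decode(blob, validate=True)
                except ValueError:  # wrong length or padding: not base64 after all
                    continue
                hits += [(where + "+base64", f.decode("ascii", "replace"))
                         for f in FLAG_RE.findall(decoded)]
    return hits

# Constructed sample bytes standing in for a capture file (not the challenge pcapng).
SAMPLE = (
    b"\x0a\x0d\x0d\x0a\x1c\x00\x00\x00"
    + b"GET /a HTTP/1.1\r\nX-Note: Raptor{sample_ascii}\r\n"
    + b"\x00\xff\x10" + "Raptor{sample_utf16}".encode("utf-16-le")
    + b"\xfe\x01 " + base64.b64encode(b"id=7;note=Raptor{sample_b64}") + b"\x00"
)

if __name__ == "__main__":
    for where, flag in find_flags(SAMPLE):
        print(f"{where:14} {flag}")
```

To run it against a real capture, read the file in binary mode and pass the bytes to find_flags. A flag split across packets still yields nothing here, which is the reassembly case that calls for Wireshark or tshark.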