Official Man In The Middle Discussion

Official discussion thread for Man In The Middle. Please do not post any spoilers or big hints.

I think I’ve figured out how to display the file properly, but I can’t figure out what to do next. If someone wants to dm a little hint that would nudge me in the right direction, it would be appreciated.

How did you view the file?

Right, okay, so I think I’ve got the general idea of what’s going on here and what’s within the packets.

Looking around there are a few tools that could be used (but keep hitting a wall). Is anyone who’s solved it able to give me a sanity check? I feel as if I’m about 1 step away from solving it, or I understand what I SHOULD see as a result.


I can view the file using a variety of utilities built in to parrotOS and Kali. There are a couple of utilities on GitHub that I have tried, but they are not working for me. I ‘feel’ like the data link type is a key hint, but am still exploring.

So if you open the file in Notepad, you will get a hint as to what kind of file it is, and googling that info will direct you to what program will help you decode the capture.

It’s a fairly common program for looking at captures.

Once you have the file loaded, it’s now time to figure out what kind of device is being used over the connection medium.

I’m a big noob when it comes to these challenges, so hope this helps someone.

Hi folks,

I may need a little hand in understanding the payload of the l2**p data frame. What I am struggling with is the fact that I am unable to find anything online. Can I PM anyone? It would be a big help!


I am in the same boat, have you made any progress?

You can DM me on discord: mathysEthical#1861

I think I’ve found something interesting in the payload and I’ve been able to isolate it but my attempts at reassembly are futile. Am I on the right track? Any nudges?

I did find that section although I don’t know what to do next… Any nudges?

I have to admit that I’m also a bit stuck. I’ve got the dump loaded and also noticed that in the payload only 4 bytes are changing throughout the whole capture. I’ve exported the payload and tried to convert the payload from hex to ascii, but it seems to be garbage. Any pointers?

yep you can…

Am really stuck at the moment.

I have dumped the payload and read some articles but I can’t figure out what to do with the payload.
Have found an article about a different CTF using a plot graph, do not know if I am on the right track.

Does someone have a hint for me? Please PM.

I seem to be stuck at the same place where others got stuck. I’ve parsed the log file and extracted four bytes that are different between packets. From there, I tried to convert to ascii, but there’s nothing that looks like a flag in the output. Any suggestions on what to try next? If anybody knows how to solve this one, I could use a hint.