challenge

Solution

I started by opening the shark1.pcapng with wireshark and after following the tcp stream i found that the stream 5 seemed to contain a GET request:

wireshark

In the response of the GET request we achieve what it seems to be the encrypted flag:

Gur synt vf cvpbPGS{c33xno00_1_f33_h_qrnqorrs}

After decoding it with ROT13 we finally get the flag:

Flag

The flag is picoCTF{p33kab00_1_s33_u_deadbeef}