PicoCTF 2022 — Forensics: Torrent Analyze

tshark -r torrent.pcap -Y 'bt-dht.bencoded.string=="info_hash"' -Tjson -e 'bt-dht.bencoded.string' > output.json
cat output.json \
| jq '.[] | ._source.layers' \
| grep info_hash -A1 \
| awk '{print $1}' \
| sort \
| uniq \
| sed -E 's/"?(.{40})"?,?/\1/g' \
| grep -E '.{40}' \
| tr '\n' ' ')"

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store