---
title: icmp exfiltration
tags: CTF
---

---

### icmp

##### I learned ICMP exfiltration

###### Description:

My friend recently hides in a corner, puts on his headphones, listens to something and "admires" himself like a relaxing guy. Help me find something interesting in here.

![image](https://hackmd.io/_uploads/rkd67q5Geg.png)

###### I learned ICMP exfiltration

```bash!
tshark -r network_icmp.pcapng -Y "icmp" -T fields -e data
tshark -r stego2.pcap -Y "icmp.type == 8" -T fields -e data > icmp_payloads.txt
```

###### Code to solve it

```python
# Join the hex payloads dumped by tshark (one ICMP echo request per line)
with open("icmp_payloads.txt") as f:
    lines = f.readlines()

hex_data = ''.join(line.strip() for line in lines)
bytes_data = bytes.fromhex(hex_data)

# Preview any readable text in the reassembled stream
print(bytes_data.decode(errors='ignore'))

# Save the raw bytes so the result can be opened as a file
with open("output.bin", "wb") as out:
    out.write(bytes_data)
```

```bash!
mv output.bin hello.mp3
```

![image](https://hackmd.io/_uploads/r1xwxPcqzxe.png)

###### We got the flag, and I also learned the ICMP types

| Type | Meaning                 | Description                      |
| ---- | ----------------------- | -------------------------------- |
| 0    | Echo Reply              | Response to ping                 |
| 8    | Echo Request            | Sent to test reachability        |
| 3    | Destination Unreachable | No route to host/network         |
| 11   | Time Exceeded           | TTL expired (traceroute uses it) |
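
A detection-side counterpart to the extraction above, as an added example that is not part of the original writeup: it reads tshark field output, drops echo request payloads that match a default Windows or Linux ping pattern, and reassembles the rest per source/destination pair to check for file signatures. The field list (`ip.src`, `ip.dst`, `data`), the addresses and the `SAMPLE` lines are assumptions constructed for illustration.

```python
# Added example: flag ICMP echo payloads that do not look like a normal ping.
# Input: lines from
#   tshark -r <capture> -Y "icmp.type == 8" -T fields -e ip.src -e ip.dst -e data
# (tab-separated; the addresses used below are constructed).

# Default payload of the Windows ping utility (32 bytes).
WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"

# A few file signatures to test the reassembled stream against (not exhaustive).
MAGIC = {
    b"ID3": "mp3 (ID3 tag)",
    b"\xff\xfb": "mp3 (MPEG frame)",
    b"PK\x03\x04": "zip",
    b"\x89PNG": "png",
}

def is_default_ping(payload: bytes) -> bool:
    """True for the Windows default payload or a Linux-style incrementing run."""
    if payload == WINDOWS_PING:
        return True
    tail = payload[-32:]  # Linux ping fills the payload with incrementing bytes
    return len(tail) == 32 and all(b - a == 1 for a, b in zip(tail, tail[1:]))

def analyze(lines):
    """Reassemble non-default echo payloads per (src, dst) and identify them."""
    flows = {}
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3 or not parts[2]:
            continue  # no payload, or an unexpected field layout
        src, dst, hexdata = parts
        payload = bytes.fromhex(hexdata.replace(":", ""))
        if not is_default_ping(payload):
            flows.setdefault((src, dst), bytearray()).extend(payload)
    report = []
    for (src, dst), blob in flows.items():
        kind = next((n for m, n in MAGIC.items() if blob.startswith(m)), "unknown")
        report.append({"src": src, "dst": dst, "bytes": len(blob), "type": kind})
    return report

# Constructed sample: one ordinary Windows ping and one flow carrying an ID3 header.
SAMPLE = [
    "10.0.0.5\t10.0.0.1\t" + WINDOWS_PING.hex(),
    "10.0.0.7\t203.0.113.9\t" + b"ID3\x04\x00\x00\x00\x00".hex(),
    "10.0.0.7\t203.0.113.9\t" + b"\x00\x23TSSE\x00\x00".hex(),
]

if __name__ == "__main__":
    for row in analyze(SAMPLE):
        print(row)
```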