#!/usr/bin/env python3
"""
Extract only printable ASCII from packet lengths
"""

import struct

def parse_pcap(filename):
    with open(filename, 'rb') as f:
        # Read global header (24 bytes)
        f.read(24)
        
        packets = []
        
        while True:
            # Read packet header (16 bytes)
            packet_header = f.read(16)
            if len(packet_header) < 16:
                break
            
            ts_sec, ts_usec, incl_len, orig_len = struct.unpack('IIII', packet_header)
            
            # Read packet data
            packet_data = f.read(incl_len)
            if len(packet_data) < incl_len:
                break
            
            packets.append(incl_len)
        
        return packets

# Parse the PCAP file
packet_lengths = parse_pcap('sniffed.pcap')

print(f"Total packets: {len(packet_lengths)}")
print(f"Packet lengths: {packet_lengths}\n")

# Extract only printable ASCII characters
message = ""
ascii_indices = []

for i, length in enumerate(packet_lengths):
    if 32 <= length <= 126:  # Printable ASCII range
        message += chr(length)
        ascii_indices.append(i + 1)  # 1-indexed
        print(f"Packet {i+1:3d}: length={length:4d} -> '{chr(length)}'")

print("\n" + "=" * 80)
print("HIDDEN MESSAGE:")
print("=" * 80)
print(message)

# Check if it contains HTB flag
if "HTB{" in message:
    start = message.find("HTB{")
    end = message.find("}", start) + 1
    flag = message[start:end]
    print(f"\n🚩 FLAG FOUND: {flag}")
else:
    print("\nNo HTB flag found in plain ASCII. Message might be encoded further.")
    print(f"Total ASCII characters: {len(message)}")