import struct

def parse_pcap(filename):
    with open(filename, 'rb') as f:
        f.read(24)
        packets = []
        while True:
            packet_header = f.read(16)
            if len(packet_header) < 16:
                break
            _, _, incl_len, _ = struct.unpack('IIII', packet_header)
            packet_data = f.read(incl_len)
            if len(packet_data) < incl_len:
                break
            packets.append(packet_data)
        return packets

packets = parse_pcap('sniffed.pcap')

print("=" * 80)
print("TESTING DIFFERENT EXTRACTION METHODS")
print("=" * 80)

# Method 1: Last byte
print("\n[1] LAST BYTE of each packet:")
last_bytes = [chr(p[-1]) if 32 <= p[-1] <= 126 else '.' for p in packets]
last_byte_msg = ''.join([c for c in last_bytes if c != '.'])
print(f"Message: {last_byte_msg}")

# Method 2: First byte
print("\n[2] FIRST BYTE of each packet:")
first_bytes = [chr(p[0]) if 32 <= p[0] <= 126 else '.' for p in packets]
first_byte_msg = ''.join([c for c in first_bytes if c != '.'])
print(f"Message: {first_byte_msg}")

# Method 3: Packet length (modulo to get ASCII range)
print("\n[3] PACKET LENGTHS (as ASCII):")
lengths = [len(p) for p in packets]
length_chars = [chr(l) if 32 <= l <= 126 else '.' for l in lengths]
length_msg = ''.join([c for c in length_chars if c != '.'])
print(f"First 50 lengths: {lengths[:50]}")
print(f"Message: {length_msg}")

# Method 4: Packet length % 128 (to force into ASCII range)
print("\n[4] PACKET LENGTH mod 128:")
length_mod_chars = [chr(len(p) % 128) if 32 <= (len(p) % 128) <= 126 else '.' for p in packets]
length_mod_msg = ''.join([c for c in length_mod_chars if c != '.'])
print(f"Message: {length_mod_msg}")

# Method 5: Look for patterns in payload offsets
print("\n[5] SECOND-TO-LAST BYTE:")
pen_bytes = [chr(p[-2]) if len(p) > 1 and 32 <= p[-2] <= 126 else '.' for p in packets]
pen_msg = ''.join([c for c in pen_bytes if c != '.'])
print(f"Message: {pen_msg}")

# Method 6: Check if there's a specific offset that works
print("\n[6] BYTE AT OFFSET 50 (if packet > 50 bytes):")
offset_50 = [chr(p[50]) if len(p) > 50 and 32 <= p[50] <= 126 else '.' for p in packets]
offset_50_msg = ''.join([c for c in offset_50 if c != '.'])
print(f"Message: {offset_50_msg}")

print("\n" + "=" * 80)
print("WHICH METHOD GIVES A REAL FLAG?")
print("=" * 80)
print(f"Last byte:     {last_byte_msg}")
print(f"First byte:    {first_byte_msg}")
print(f"Lengths:       {length_msg}")
print(f"Length mod:    {length_mod_msg}")
print(f"2nd-last:      {pen_msg}")
print(f"Offset 50:     {offset_50_msg}")