import struct

def parse_pcap(filename):
    """Parse PCAP file and return packet data"""
    with open(filename, 'rb') as f:
        f.read(24)  # Skip global header
        
        packets = []
        packet_num = 1
        
        while True:
            packet_header = f.read(16)
            if len(packet_header) < 16:
                break
            
            ts_sec, ts_usec, incl_len, orig_len = struct.unpack('IIII', packet_header)
            packet_data = f.read(incl_len)
            if len(packet_data) < incl_len:
                break
            
            packets.append({'num': packet_num, 'data': packet_data, 'length': incl_len})
            packet_num += 1
        
        return packets

def detailed_analysis(packets, start=1, end=50):
    """Detailed byte-by-byte analysis of specific packets"""
    print("=" * 80)
    print(f"DETAILED ANALYSIS: Packets {start}-{end}")
    print("=" * 80)
    
    printable_chars = []
    
    for i in range(start-1, min(end, len(packets))):
        pkt = packets[i]
        data = pkt['data']
        last_byte = data[-1] if len(data) > 0 else 0
        
        is_printable = 32 <= last_byte <= 126
        char = chr(last_byte) if is_printable else ''
        
        print(f"Packet {pkt['num']:3d} | Length: {len(data):5d} | Last byte: 0x{last_byte:02x} ({last_byte:3d}) | Char: '{char}' | Printable: {is_printable}")
        
        if is_printable:
            printable_chars.append((pkt['num'], char))
    
    print("\n" + "=" * 80)
    print("PRINTABLE CHARACTERS ONLY:")
    print("=" * 80)
    
    for num, char in printable_chars:
        print(f"Packet {num:3d}: '{char}'")
    
    message = ''.join([char for _, char in printable_chars])
    print(f"\nConcatenated message: {message}")
    
    # Check if this matches the writeup claim
    writeup_claim = "3h2pHv1T!\"bOb|&4}"
    packets_9_41_chars = [char for num, char in printable_chars if 9 <= num <= 41]
    packets_9_41_message = ''.join(packets_9_41_chars)
    
    print(f"\n" + "=" * 80)
    print("COMPARISON WITH WRITEUP:")
    print("=" * 80)
    print(f"Writeup claims (packets 9-41): {writeup_claim}")
    print(f"Actually extracted (packets 9-41): {packets_9_41_message}")
    print(f"Match: {writeup_claim == packets_9_41_message}")
    
    if writeup_claim == packets_9_41_message:
        print(f"\n✓ The writeup extraction is CORRECT for packets 9-41!")
        print(f"✓ The writeup adds 'HTB{{' prefix and '}}' suffix as standard flag format")
        print(f"\n🚩 VERIFIED FLAG: HTB{{{packets_9_41_message}}}")
    else:
        print(f"\n✗ Mismatch detected!")
        print(f"  Expected: {writeup_claim}")
        print(f"  Got:      {packets_9_41_message}")

if __name__ == "__main__":
    pcap_file = "sniffed.pcap"
    
    packets = parse_pcap(pcap_file)
    print(f"Total packets in PCAP: {len(packets)}\n")
    
    detailed_analysis(packets, 1, 50)