1. Open wireshark, load the pcap 2. Go to preferences > RSA, install the provided keyfile 3. Ctrl + R to reload packets, the flag exists in plaintext in one of the packets