diff --git a/forensics/packets_primer/flag.txt b/forensics/packets_primer/flag.txt
new file mode 100644
index 0000000..884a612
--- /dev/null
+++ b/forensics/packets_primer/flag.txt
@@ -0,0 +1,3 @@
+# Flag can be found in the data field of packet 4
+
+picoCTF{p4ck37_5h4rk_ceccaa7f}
diff --git a/forensics/packets_primer/network-dump.flag.pcap b/forensics/packets_primer/network-dump.flag.pcap
new file mode 100644
index 0000000..221e037
Binary files /dev/null and b/forensics/packets_primer/network-dump.flag.pcap differ