New Relic workshop: pcapture the flag

Hi! Thanks for joining the workshop.

My objective is to help you:

  • Understand a few common network protocols better, and see how they fit together in the layered ("OSI") model;
  • Increase your familiarity with binary representations of data, and tools for working with binary data; and,
  • Give you a taste of how and what we like to teach at Bradfield

If you've only worked so far with text files and text-based protocols like HTTP. That’s OK! This workshop will help you take the leap to working with binary. It's worth developing this skill not just for binary network protocols like TCP and IP, but for the many other binary file formats like those for images, audio/video, PDFs and most executables.

If you've never taken a networking course, that's ok too! You'll learn more from this workshop than most, and hopefully form a good overall mental model which you can revisit to fill in more detail later.

If you're already confident both with the network protocols used for the Web, and with processing binary data, then this might just be a fun and quick challenge for you 🚀 I have some stretch goals for you if you like, and I won't be offended if you finish the exercise quickly and call it a day. But please don't ruin the experience for others by revealing the solution 😉.


We have recorded a packet capture of an HTTP request and response for an image, performed over an imperfect network. The challenge for you is to parse the capture file, find and parse the packets constituting the image download, and reconstruct the image! It’s like a murder mystery, except with a trail of binary data and a hero rather than a villain at the end of it.


  1. Download the pcap file
  2. Make sense of the file, using man pcap-savefile or the online version as a reference, and with command line tool like hexdump or xxd, or by writing a program
  3. Figure out how to parse out the individual captured packets. There should be 99 in total.
  4. Figure out how to parse and make sense of the ethernet frames.
  5. Figure out how to parse and make sense of the IP datagrams.
  6. Figure out how to parse and make sense of the TCP segments. Which ones will we need?
  7. Reconstruct the correct TCP segments to retrieve the HTTP message.
  8. Write the HTTP body to an image and open it!

This is actually a long exercise… you may not complete it today 🙂. But! Every step will teach you a little more about network protocols and working with binary.

Staying in touch

Feel free to email me directly with feedback or questions! I’m [email protected].

This workshop is derived from one of the classes in our Computer Networking course: we set it as an early exercise to give students a good overall view of how some of these protocols fit together, then go into more detail on these and other aspects of networking over eight 2.5hr classes.

We also offer a course called Computer Architecture and the Hardware/Software Interface, which our students rate as one of the most surprisingly valuable courses they take with us. While ostensibly about how computers work, it’s actually a great way to understand how we typically represent and process data at each level of abstraction. If you found it new and interesting to work directly with binary data, you may enjoy our architecture course.

If you’d like to generally stay in touch, and receive updates from us on workshops, courses, computer science learning resources and general tech news, we have a mailing list for that:


[email protected]
576 Natoma St
San Francisco, California
© 2016 Bradfield School of Computer Science