打开图片后发现流量包有问题，于是使用http://f00l.de/hacking/pcapfix.php修复流量包，在流量包中有提示

发现当帧长度为72时，每个id的逆序值符合格式要求，于是编写脚本

#!/usr/bin/env python
# -*- coding:utf-8 -*-
# -- author：valecalida --
# Edit time: 2021/6/6 8:35
from pyshark import FileCapture
from binascii import a2b_hex
cap = FileCapture('cap.pcap', display_filter="tcp && frame.cap_len==72")
cap.load_packets()
content, link = '', ''
for i in range(0, len(cap), 2):
    link = cap[i].ip.id[-4:][2:] + cap[i].ip.id[-4:][:2]
    content += link
print(a2b_hex(bytes(content, encoding='utf-8')))

 运行得到flag

 

b'flag{aha!_you_found_it!}\x00\x00'