The flag must be somewhere around here...
A pcap file is included.
Let's open the capture with Wireshark. We mostly see UDP traffic, so let's look at it: we select one random UDP packet, right click on it and select Follow -> UDP Stream. We browse the UDP streams by changing the stream number, but most streams are not understandable.
Let's remove UDP streams by applying the filter !udp. By browsing, we see some HTTP streams. One of them catches our eyes as a GET request for a tar file is replied with an HTTP 200 answer.
Let's click on the reply, and look at the actual file data.
By right clicking on File Data, we can select Export packets bytes and save this as a .tar.gz file.
We can extract it with tar xvf nothinghere.tar.gz and a file flag.txt is extracted, containing:
RGF3Z0NURnszeHRyNGN0MW5nX2YxbDM1XzFzX2Z1bn0=
We recognize base64 and decode it with asciitohex.
Flag: DawgCTF{3xtr4ct1ng_f1l35_1s_fun}