[HV22.05] Missing gift
Like every year the elves were busy all year long making the best toys in Santas workshop. This year they tried some new fabrication technology. They had fun using their new machine, but it turns out that the last gift is missing.
Unfortunately, Alabaster who was in charge of making this gift is not around, because he had to go and fulfill his scout elf duty as an elf on the shelf.
But due to some very lucky circumstances the IT-guy elf was capturing the network traffic during this exact same time.
Goal:
Can you help Santa and the elves to fabricate this toy and find the secret message?
Solution
We got a network traffic dump (tcpdump.pcap) in a default format which can be opened with various tool. I like to use wireshark for that, since it is the industry default and brings plenty of protocol analyzers.
Searching for HV22 is the first obvious thing to do in such a file, which resulted in showing a filename hv22.gcode.
Following the HTTP stream of this, I noticed a few things, but most importantly, the hv22.gcode content was also in it. .gcode is a data format which is used in CNC machining and 3D printing to send basic instructions to the machine like ‘turn on heatbed’, ‘heat up to x degrees’, ‘move printerhead to pos X / Y’ and so on. Of course, this is done by tools (called slicers), which ingest a 3D model and convert it into slices and then into commands.
Not having a 3D printer around and also not knowing what the print would look like (or even if this is a valid print and compatible with the printer at all), I wondered if there are tools to do the opposite and found GCode Viewer quite fast. I saved the gcode content in a file hv22.gcode and threw it at the GCode Viewer. Set to 3D it reveals the result 
The flag is HV22{this-is-a-w4ste-of-pl4stic}