Writeup

I quickly open the PCAP file in Wireshark and see some HTTP requests to secure.html:

ws-http

It hints at FTP, so I change the filter to FTP and see this:

ws-ftp

I see they are downloading a list of files and a flag.zip.

So I follow the TCP stream to get all the data, convert it to raw, and download it as flag.zip:

stream export
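
Finding which TCP stream carries a transfer such as flag.zip can also be done from the FTP control channel, shown here as an added example that is not part of the original writeup. It goes beyond the writeup by covering both passive (227 reply) and active (PORT) negotiation; the control lines are constructed, and `parse_endpoint` and `map_transfers` are hypothetical helper names.

```python
import re

# Constructed FTP control-channel lines (not from the challenge PCAP).
# "C:" marks client commands, "S:" marks server replies.
SAMPLE_CONTROL = """\
S: 220 FTP server ready
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80).
C: LIST
S: 226 Directory send OK.
C: PORT 192,0,2,55,4,1
S: 200 PORT command successful.
C: RETR flag.zip
S: 226 Transfer complete.
"""

# h1,h2,h3,h4,p1,p2 as defined for PORT and the 227 reply in RFC 959.
ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
TRANSFER_CMDS = {"LIST", "NLST", "RETR", "STOR"}

def parse_endpoint(text):
    """Return (ip, port) from a PORT argument or 227 reply, else None."""
    m = ENDPOINT.search(text)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def map_transfers(control_text):
    """Pair each transfer command with the data endpoint negotiated before it."""
    pending, transfers = None, []
    for line in control_text.splitlines():
        side, _, body = line.partition(": ")
        verb, _, arg = body.partition(" ")
        verb = verb.upper()
        if (side, verb) in (("S", "227"), ("C", "PORT")):
            endpoint = parse_endpoint(arg)
            pending = endpoint and (("passive" if verb == "227" else "active"), *endpoint)
        elif side == "C" and verb in TRANSFER_CMDS and pending:
            mode, ip, port = pending
            transfers.append({"cmd": verb, "arg": arg, "mode": mode, "ip": ip,
                              "port": port,
                              "filter": f"ip.addr == {ip} && tcp.port == {port}"})
            pending = None  # one negotiated endpoint serves one transfer
    return transfers
```

The `filter` value is a Wireshark display filter that isolates the data connection for that transfer, which is the stream to follow and export as raw.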

Trying to unzip the file shows that it is password protected:

└─$ unzip flag.zip 
Archive:  flag.zip
[flag.zip] flag.txt password: 

Looking for more in the dump, I see a mail; in there it tells me a password:

mail

And unzipping with that gives me flag.txt.