Faking pcap files is almost impossible with any kind of volume. The timings and packet sequences would be easy to spot if they were out of sequence.
I'm a qualified expert in the field.
In addition to what you stated (which is 100% true; TCP protocol), the fact that they are all TLS packets with origination certificates and fully decrypted... It's virtually impossible to fake this. How they managed to MITM all of this is really an amazing achievement.