In the pop-up windows, click on Find and search for attachment. command or (ftp-data and tcp. seq eq 1) The results are shown below in Figure 15. PDF file analysis. Then Save As name it. gz | zcat # or just: zcat hello. Now go the live. Jul 12, 2009 路 http://evilrouters. file from the previous section, run binwalk -e output. Now in this tutorial you can also find, Binary PDF and you can download that, After downloading you can see what is inside of that PDF file. One of my favorites is file exporting. That size is the answer to your question. EDIT: or maybe overthinking it. We should see USER for the username and PASS for the password. pcap And got the message tshark: -R without -2 is deprecated. " Split PDF file. go to File -> Export Objects -> HTTP 3. evpamex. May 2, 2017 路 3) Carve out everything apart from the base64 encoding. Now wait for wireshark to do it’s bit. It is filled with things that make the life of a Packet Detective, like me, easier. Oct 26, 2010 at 12:41. net - This video shows how to take a packet capture and extract files from it using Wireshark. After removing everything before and after the second base64 part and saving it, I can run base64 -d without any problem. You wil see the progress bar at the bottom filling up. updated Nov 5 '19. 23805 4 956 227 https://www. This article is an update from one written by Mar 10, 2009 路 There are other ways to extract the files. 馃寪 Wireshark's 'File > Export Objects Aug 25, 2020 路 You will see below new window. You could open the file in a hex editor and carve it out manually. tshark -T fields -e data. bin' when the pop-up appears. There is also Chaosreader tool which allows to extract data out from a PCAP file. Click the scissor tool icon to split your PDF where desired. In the stream content dialog use Save As. How can I extract a specific byte from a pcap using scapy? Following this answer here: Get specific bytes in payload from a pcap file. setup the SSL analyzer for this TCP stream in Analyze >> Decode As. You can improve that result by printing only the unique results using: Jul 15, 2015 路 I try to get Read all HTTP URLs from PCAp file using this command line command: tshark -R -e http. In the Picture below you can see this folder. der -text you can have a look at the certificate, with openssl x509 Flatten a . (it is said that the attachment is Save the block content in a textfile and name it something like "thisisthefile. To compress data, use the Unix executable gzip. As @rod-it mentioned, WireShark can extract files from HTTP flow, I’ve used WireShark to extract files from SMB traffic. Jan 24, 2019 路 Using output. 3k 9 67 89. Sep 26, 2023 路 Let’s get started. I extracted the PNG image file by the following : Right click on the packet -> follow -> Using TCP -> Converted the file from ASCII to raw -> Searched for 'FFD8' and 'FFD9 and copy pasted the raw network text to HxD Hex editor and Apr 10, 2023 路 In this video I will be showing you how to extract a PDF file from a pcap file (packet capture) and using a hex editor HxD to reassemble the file. Filter by 'http' using the BPF format in Wireshark's display filter bar. a file list would pop-up and you can save the desired files. Actually it turns out the you can use aircrack-ng to do this. Hi, I have been working with Wireshark for years particularly as I use the Riverbed trace analysis programs daily. response == 0" -T fields -e dns. ) and save the content to disk. However, it seems that the wireshark gui (which is actively maintained) can sufficiently extract an AU file of the audio (which sox should be able to convert). uri -r C:file. 1) The document describes a lab where the student will analyze network traffic captured in a PCAP file to extract a downloaded executable file. Yes - right-click on a packet in the Packet List pane, select Follow > UDP Stream. The command can be run on Kali Linux or Ubuntu. Open the RTP capture file with Wireshark. file. Mar 25, 2021 路 When I use text2pcap to convert the data to a pcap file and load it into Wireshark, Wireshark dissects the packet as a malformed Mikrotik Neighbor Discovery Protocol packet. pdf. May 26, 2014 路 0. pcap -R rtp -T fields -e rtp. For single- Apr 28, 2021 路 Closing this as a duplicate. 10 lab extract an executable from a pcap. 6, “File Sets”). Download or share your split PDF files when ready—done! Aug 4, 2020 路 The task is, given a PCAP file, I believe I need to extract a private key from within the PCAP, and then re-apply said key to the same PCAP file via WSharks preferences > SSL > etc to decrypt the traffic. Separate one page or a whole set for easy conversion into independent PDF files. Expanding the SSL details on my trace shows: Apr 20, 2013 路 You can't get it from the response that packet, because it's not delivered!. The client downloads the zip from the FTP, then input the password locally on his machine. flags. out. I am pretty certain I have found the Private Key, and have extracted and saved it to a text file. Nov 19, 2023 路 Diagram 2. pcapng in the attachment. PDF is an extremely complicated document file format, with enough tricks and hiding places Step 7. On the bottom panel in the Wireshark, there will be a new option of AUIOCODES DEBUG RECORDING. Tick the box for the pages you want to extract. PCAP file to text (see question for better explanation) Delay in GOOSE Subscription. Using Tcpflow and Foremost# (Included in Kali) Make sure your traffic capture file is not compressed; Create a directory to put tcpflow artifacts in: . 6. quite new to this. Some capture formats may not be available Ethscan is made to find data in a memory dump that looks like network packets, and then extract it into a pcap file for viewing in Wireshark. To print packets, select the File → Print… menu item. In this new Window you can save the individual files or save them all to a folder. Feb 28, 2019 路 Wireshark is an amazing feature-rich tool. Extracting: The -e option can be used to extract the contents (TCP data payload) of each connection into a separate data file. d. Jun 1, 2022 路 For a couple of fields, especially fields with only one occurrence per packet, the easiest way is to use tshark -T fields -e <field1> -e <field2> . I already tried to follow the TCP Stream, save it as a RAW file, and convert it to a PDF file, but all it was showing was gibberish icons in the PDF. Step-3: Analysing Packets Before and After Decryption with Wireshark. May 19, 2018 路 It is quite easy to extract files from a Wireshark capture using the export option. What is the syntax for wireshark custom column. [File > Save As > test_eicar. txt. any other way i could do it? Mar 1, 2024 路 Our final pcap for this tutorial is Wireshark-tutorial-extracting-objects-from-a-pcap-5-of-5. 2, “Output File Formats” . We are using Wireshark for Text base information gathering. Here extension is . tshark. Time-consuming procedures, such as performing a complete forensic analysis on suspectmachines, can often be avoided if analysts are able to extract files from the networktraffic. Used ‘sample. 鈿欙笍 Enable the option to allow sub dissectors to reassemble TCP streams in Wireshark's protocol preferences. — Or simply drag and drop the file anywhere in the Brute Force. Configure the Bro IDS, use the command "bro -r <your pcap file. Hello this is in the subtrees, File Transfer Protocol (FTP) Opening BINARY MODE data connection for klvasd. grahamb ( 2021-04-22 12:11:16 +0000 ) edit tried doing file - export objects - http, and i couldn't find any pdf files inside. Apr 15, 2009 路 Open the generated pcap file and search for our HTTP GET using the following filter: http. Wireshark V Apr 22, 2021 路 The contents of the PDF show it is a challenge, so you'll have to work at it. cap -T fields -e ip. Oct 26, 2010 路 Improve this answer. Wireshark will display the “Print” dialog box as shown below. 5. For FTP files: 1. These steps are similar with EXE Jan 12, 2021 路 Stats. wc -l output. I've attached a screenshot of the http traffic, but any help would be much appreciated. Just create a column with the data value and filter the UDP packets. Than run, on the command line base64 -d -i thisisthefile. -E header= y: if you want to have the name of features in the output CSV files. If I right-click on Mikrotik Neighbor Discovery Protocol in the Packet Details pane and choose Copy -> as a Hex Stream , all 35 byte are exported. show_as_text:TRUE. Have you tried File -> Export Objects -> HTTP ? Of course, if this was https, you will need the session keys to get the objects. log file. You can open and analyze MP3 files in the same way. exe from the trace you posted on Cloudshark. 16. A txt file 4. Split a PDF file by page ranges or extract all PDF pages to multiple PDF files. I noticed right after i get the output. I need to get the PDF file from this C10. " Then go to File > Export Objects > HTTP. Select the directory to save the file into. ) Set a Wireshark display filter of frame contains "%PDF-" Check the packet bytes. It pops up the Wireshark List File Set dialog box (which is discussed further in Section 5. Please let me know how can i extract the files using code preferably c programming to do the same. It can be done quickly in vi with. Wireshark now have both session keys and packets to decrypt SSL/TLS. raw > attached. \r\n Response code: File status okay; about to open data connection (140) Response arg: Opening Binary mode data connection for klvasd. pcap] Import or drag & drop your file to our Extract PDF Pages tool. Here is the output of the above command. If it's known that the file is PDF, use the file signature (magic number). 4. If you need the full dissection tree for the relationship between fields, the PDML output ( -T pdml) or the JSON output ( -T json) might be better options. link. How can I extract parameters from pcap Mar 2, 2020 路 (extract_rtp. The above code will read a pcap file, extract the features (fields) and output a CSV file. I have managed to do this for . You may need to use a binary file editor to remove extra data (eg data sent in the opposite direction or signalling messages) - alternatively, filter these out before step 1 and save in a Jul 4, 2018 路 Upon right-clicking this packet’s header selected Export Packet Bytes. txt -o secretrendevous. If we get the SHA256 checksum of the PE files, we can see that the results are exactly the same than using Wireshark. 1. First, create a directory and move the PCAP file and ChaosReader file to it (because the output of the ChaosReader process is in the current directory and it is mess output :)). public static string ExtractTextFromPdf(string path) using (PdfReader reader = new PdfReader(path)) StringBuilder text = new StringBuilder(); for (int i = 1; i <= reader. in it, there have many IP addresses source IPs and destination IPs. Wireshark: export bytes. Click “Split” to split your PDF into multiple files. that command uses the -w flag, which specifies that a binary file containing the raw packet data from my. If you want to export a JPEG you’ve captured in an HTTP session you can use File→Export→Objects→HTTP. c. pcap file in Wireshark. Right-click on one of the UDP packets and select Follow UDP Stream. Interesting Feature in Wireshark. If I execute the same command, it doesn't do anything useful: Capture files and file modes. Click the "Capture" menu from the top bar and select "Start. Extracting files from full packet captures can save security analysts a great deal of time. The last step is to visit a secure web site that uses https. I know these. Have a look at tshark -h or the manpage Sep 25, 2019 路 Parsing pcap files is not an easy task and it seems you are in a little over your head. In the window that pops up choose the new line “current” field and change from “none” to “RTP”. For your method you have to see the plain HTTP traffic in Wireshark (use display filter "http"). Currently, it supports the DICOM, HTTP, SMB, and TFTP protocols (SMB would, I think, only work if a client reads the entire file), and supports exporting anything that is identified as an Internet-format email message ("IMF" - "Internet Mail Format"), so it save the file 'base64. request. tshark -r file. cap> -Y "dns. Now, there are 4 files I can find through the HTTP filter: 1. Highlight the eicar file and save. May 21, 2016 路 24. sort output. 101. check the file size of 'base64. e. follow. Asked: 2021-01-12 02:30:44 +0000 Seen: 891 times Last updated: Jan 12 '21 About Press Copyright Contact us Creators Advertise Developers Terms Privacy Policy & Safety How YouTube works Test new features NFL Sunday Ticket Press Copyright We would like to show you a description here but the site won’t allow us. look for the FTP-DATA protocol block of the file you are interested in. 馃敆 Wireshark can extract five types of objects by default. You can also monitor the PCAP and wait for the specific packet, if you know what you are looking for, and then immediately stop the capture. By default, Wireshark saves packets to a temporary file. I think only ProConvert does what I want but suppose that it is no longer maintained. show_as_text:TRUE -r test_00010_20191007091905. This is a function I am using for this purpose. Then to extract HTTP objects. answered Dec 6, 2016 at 9:03. Make sure the traffic is decoded as SSL, i. 4. payload -w rtp. Path is a FTP Server Path. wireshark. I get a PDF file showing the dos2unix manpage. Oct 30, 2019 路 answered Oct 30 '19. Will print all the DNS responses you have in that capture file. Tshark output file problem, saving to csv or txt. Select the proper UDP and force its decoding as RTP: Menu Analyze >> Decode As RTP. You can do that from wireshark (use File > Save As and select libpcap format in the File format drop down list). PNG then I just concatenated the 3 reassembled PDUs and got the full image finally. One of the columns of that screen indicates if any authentication was found inside the pcap. If that is the case you can try to Brute force it using aircrack-ng: aircrack-ng -w pwds-file. Jan 2, 2014 路 3. Dec 1, 2016 路 You can open the PCAP file with NetworkMiner, which will automatically extract all files that have been trasfered in clear text (HTTP, FTP etc). Something like: tshark -nr <your_capture. Save the Wireshark capture. FTP. Otherwise the traffic is probably encrypted (see comment from u/redsedit ). sh, pcap2wav, rtp-break) I've had issues with some of those and they are not particularly maintained. log, etc for different information from the pcap log file. 1 1 2 2. out Feb 24, 2020 路 0. It involves using Wireshark to view the network packets and HTTP requests that retrieved the file over the network. txt to count the lines with. HTTP supports an "If-Modified-Since" header; as the RFC says:. How To Split a PDF Online: Import or drag & drop your file to our Split PDF tool. The advantage of doing it this way is that you can actually extract files from other protocols other than http (like ftp or smb) and you can use display filters. For a PDF file: Hex: 25 50 44 46 2d ASCII: %PDF- (Before attempting in Wireshark, spend sometime with a known PDF file and a hex editor to get a feel for what the file bytes will look like. Right click, then choose “Decods as…”. To stop capturing, press Ctrl+E. Jun 13, 2015 路 TCPTrace has an option (-e) for this:. Set "Show data as" to Raw. It's really that dead simple: echo "hello world" | gzip > hello. File Set → Next File If the currently loaded file is part of a file set, jump to the next file in the set. Right click > Export selected bytes. cat hello. Oct 26, 2019 路 I have a fwcapture. Nov 12, 2019 路 1. Note: You need to wait to let Wireshark process all packets into Raw data. You'll need to save the PCAP-NG file in the old PCAP format first though. Dec 28, 2015 路 Extracting Files from Network Packet Captures. If you look in the next screen shot, you'll see the output of the `xxd` command against the file that was extracted from Wireshark. You're done. That said if that's an exercise, I would look into other text files downloaded from the FTP hoping one of them contains the password of the . What do you want to accomplish and why not use wireshark or tshark for it, as it has a lot of ground already covered and it can be extended quite easily with a protocol dissector for your protocol and/or a lua script to extract things from your protocol. aircrack-ng -z filename. Specified PDF as the file type. uri contains "GET". 3 - use uniqueip. cap file, which is used by Wireshark. T. 3. Jul 8, 2020 路 Select the shark fin on the left side of the Wireshark toolbar, press Ctrl+E, or double-click the network. Exporting Downloaded and Uploaded Files. You can choose from the types described in Section 5. basic instructions of: Highlight the RTP Line within Wireshark. May 2, 2017 路 When opening this file in an editor the content is duplicated, the first one with ^M, the second one without it. 4) Remove the ^M characters in the file (result of different line endings used in Windows and Linux) and save it. pcap, possibly as filtered by the read filter, should be written to the file whose name is the argument to the -w flag, so that command means "write, to the file named rtp. Open the pcap file in Wireshark by : - Clicking FILE then from drop down menu OPEN then browse to find the pcap file . Select PDF file. 2. To extract gzip compressed data, you can simply use a gzip library in the language of your choice or the Unix executable zcat. Hello! In Wireshark if I want extract file from ftp session I do: Find ftp-data packets -> Follow Tcp Stream -> Show Raw -> Save As. Figure 5. We have got the sames files. This will print hello world. There are plugins for extracting SQL databases, Chrome history, Firefox history and much more. Or, go to the Wireshark toolbar and select the red Stop button that's located next to the shark fin. Find and highlight the file and click "Save As. Then right-click one of the frames and select Follow TCP Stream. txt". or drop PDF here. Change to RTP. This takes Oct 19, 2015 路 I used Bro IDS to get the required fields from the conn. Wernfried Domscheit. In this demonstration I will use Wireshark to capture streaming audio and save it to my computer for playback. open the . Nov 7, 2022 路 Network Forensic In this video, I am going to investigate network traffic activities within the PCAP files, using Wireshark. 2) The student uses Wireshark to open Save the file and run it again. One Answer: 0. prints the desired output. Finally, save the PCAP file by going to File -> Save As…. asked May 24 '0. Jan 2, 2024 路 From “(Pre)-Master-Secret log filename” , use Browse button or paste path of the log file and click OK to finish. – Élodie Petit. pdf (60000 bytes). . 馃搨 To extract files from a pcap, go to 'File' and select 'Export Objects'. Now it will show the SSL details for the packets. A new window will be opened with the decoded TCP flow. Dec 20, 2018 路 answered Dec 21 '18. I found ways on the Internet to extract certificates from an SSL session trace. How to extract and reassemble a file transfer via plain FTP using WiresharkFTP is a protocol used by computers to share information over the network. Extra fields are specified in the command by adding a -e argument with the field name, use multiple -e field. edited Oct 26, 2010 at 12:42. Select the one of your interest, and press button Save, select one of ' Extracting Objects Wireshark is also aware of ‘objects’, and provides a variety of options for exporting the packet data. bin'. Expand that option and expand the Full session ID. 0) or Telephony >> RTP >> Show all streams. log, http. org. Go to Edit > Preferences > Protocols > TCP and enable "Allow subdissector to reassemble TCP streams. Note the presence of the two byte file header "MZ" ($4D5A in hex) that begins at offset 128. A similar method can be used to extract files from SMB sessions. 2. 5) Use base64 to decode the encoded attachment in this way. To find this you will have to drill down in the packet you want, depending on the protocol. Mar 3, 2017 路 Download the HTTP eicar zip file. Share. To Jun 17, 2015 路 I want to extract the files such as pdfs, images, javascripts etc. g. 31. grahamb. mpeg. Open the pcap in Wireshark and use the following filter: ftp. 7z file. Feb 17, 2018 路 13742 694 115. Description: In this video you will learn how to Extract PDF file From HTTP Stream Using Wireshark tool. 8. txt has some strange formatting where some Feb 21, 2014 路 tshark -r my. A. In this video, we will look a extract file from FTP stream with tshark. I happened to have traffic dump that I was sure contained a video stream and was wondering if WireShark can extract that as well. You can test it with the following pop3 pcap file. PNG file. csv. Allow the program to capture enough data, then stop the capture process. Split or extract PDF files online, easily and free. Can I create a capture filter on a pcap file. The “Print” dialog box. Once you stop to review captured suspicious network traffic, you will need to save as a pcap file as shown in diagram 3 below: Diagram 3. Printed output can contain lots of text, particularly if you print packet details and bytes. 0 and 2. Toggle to extract pages as a single PDF or separate PDFs. Capture test call required. I want the protocols such as http, ftp, smtp, pop supported. Give file name with known extension [Must]. The "If-Modified-Since" header field makes a GET or HEAD request method conditional on the selected representation's modification date being more recent than the date provided in the field-value. 2 - Use sort to delete the double ips. Click “Finish” to extract your PDF pages. Feb 21, 2020 路 Right click on any line in the trace and choose “decode as…”. txt | uniq > uniqueip. The “Print” Dialog Box. answered Oct 26, 2010 at 12:36. Printing Packets. Nov 17, 2019 路 For mye it was pure technical capacity to do so. Select File > Save As or choose an Export option to record the capture. A pdf file 3. Erik. txt -b <BSSID> file. File | Export Objects | HTTP. To extract objects from the packet capture, go to File > Export Objects and select the object type from the list. For example it will retrieve the WPA passphrase protecting a PSK (pre shared-key), that will be required to decrypt the Apr 14, 2019 路 3. from the pcap file captured using wireshark. Download your extracted PDF pages when ready—done! Mar 26, 2020 路 Wait a few seconds and then stop the Wireshark capture by clicking the Red Box on the top left of the Wireshark window. How to convert Pcapng file to pcap file by Tshark. 3. Jan 1, 2001 路 This menu item allows you to show a list of files in a file set. qry. I was wondering if what I'm doing is already Feb 8, 2019 路 Wireshark has an "Export Objects" mechanism, which allows data objects transported over various protocols to be written out to files. NumberOfPages; i++) Download rtptools. In the pop-up window, copy the encoded file (Windows selection and copy mechanisms - CTRL-C, etc. Depending on the way the Firefox plugin works you'll have to work out how to get the HTTP header data from the output into the Nov 6, 2022 路 How do I extract a JPEG from Wireshark? “Open JPEG files directly” means that you can open them via File→Open. base64 -d carve. If possible, binwalk will extract files from the network capture if it correctly identifies magic bytes. The trick with the imf file format is also valid. Then export to csv. Feb 24, 2020 路 By using Wireshark we can also easily extract files such as images, documents and audio files from the network traffic. This looks like a Wireshark bug for me. Oct 16, 2022 路 My approach is to: 1 - Use tshark and export the list in a txt file. Sep 30, 2021 路 probably not, there's no reason the zip's password would be sent through FTP. Oct 8, 2021 路 If we are doing a CTF or performing Malware analysis with Wireshark, we usually need to extract files from PCAPs at some point. this time run it with --help switch to see the help page?! :) It seems the tool needs a switch to run the whole process on a PCAP file. Aircrack-ng 1. gz. To import cookies into Firefox you would most likely need some extra Firefox plugin. name -e dns. How can I extract the unique IP addresses(no mater source or destination) as a list? May 18, 2016 路 Demo of exporting objects from Wireshark for DFS530 at Champlain College Essential Steps for Extracting Files from PCAPs. Simply Mar 3, 2021 路 Tshark can do that using the following instruction: tshark -r (path of pcap file) -E separator=, -E header=y -T fields -e field1 -e field2 > name. Select Raw->Save as. Apr 6, 2021 路 27. NetworkMiner with extracted emails in "Messages" tab, extracted files are in the "Files" tab. The simplest way to do that is using tshark ( bundled with wireshark ). You can find the field name in the GUI by selecting the field of interest in the packet details pane and looking at the info in the status bar at the bottom left. Whether you need to compare content as it passed the capture point with the user experience, or you are hunting for malicious content, exporting gives a vital clue to an investigation. Improve this answer. name arguments for multiple fields. jpg images, but I am not sure what the file signature is for a pgn and docx file. You can use Wireshark and do it manually: Select one frame of the SMTP conversation. These ‘objects’ are files which can be reconstructed from HTTP and SMB streams. Feb 21, 2020 路 The specific byte I want to extract is always in the same position, but I don't know how to extract it. Brad Duncan from PaloAlto Networks wrote an excellent article describing how to extract data from various network protocols using Wireshark. Mar 15, 2017 路 For HTTP files: 1. I. Then use a decoder to extract the file itself (either local tool or online You can find the folder where files have been recovered by right-clicking on a file and selecting "Open Folder". log, dns. Find the line matching our PDF file, right click and select the option “Follow TCP Stream”: Click to enlarge. NetworkMiner woks in both Windows and Linux. docx and you should have your resulting file. pdf’ as file name while saving the file. Thank you for the advices @grahamb and @Chuckc:) I was able to extract the raw data from the packet without the HTTP headers, by trimming the headers part with right click on the packet > show packet details > modify the "start" value so that it starts from the magic bytes of the image which is . pcap>" and inspect the logs like conn. All the info I found seems to speak about fields I don't find in my version of WS (I tried 2. Capture files and file modes. The new Window will show any files that were found. In the capture file you'll be looking for the Set-Cookie HTTP header sent from the server in the response to a request. :%s/^M//g. I was able to extract and run the file PortRptr. Here is the snapshot for live video. text -o data. A docx file 2. [File > Export Objects > HTTP]. mpeg and play it with KMPlayer or supported player. Jul 15, 2016 路 I am using Itextsharp to extract pdf on local system. While capturing, the underlying libpcap capturing engine will grab the packets from the network card and keep the packet data in a (relatively) small kernel buffer. Here is the command that I ran to extract the WEP key from pcap file. src > output. e. pcap. Edit the PDF with our other tools if needed. Wireshark will display the JPEG file as a single “packet”. right-click, Follow > TCP Stream. to save the raw payload data for the stream. Stop Wireshark after the download has completed. Hi, I've signed up for some online work experience and one of the task is to reconstruct various documents by following the TCP stream in Wireshark. Type in the name of the file in which you wish to save the captured packets. This data is read by Wireshark and saved into a capture file. " Alternatively, hit the "Ctrl" and "E" keys to begin capturing data over the network. Below are the fields. 1 1 2 1. Specify the format of the saved capture file by clicking on the “Save as” drop-down box. Menu Statistics (Wireshark 1. Open the Wireshark trace file and put in display filter = sip (This displays all the SIP dialogs related to the call) Find the INVITE related to the call. E. With openssl x509 -inform der -in cert. Bart Silverstrim. I found the magic flag to set: -o data. Then right click it and select Follow TCP Stream. Pick the packet which contains the certificate, in this case packet 6. The Scenario, I am going to use Feb 9, 2012 路 4. ea gq nw ln xx js jg no es gb