Basic Network Troubleshooting using Wireshark - doris-rzgx-20250422-100859

Visit the Basic Network Troubleshooting using Wireshark course recordings page

                WEBVTT

00:00:00.000 --> 00:00:09.600
Okay so I can see your desktop so please double check the time display format is the one that

00:00:09.600 --> 00:00:22.620
I selected here second since first capture packet. Okay good. So okay this is actually

00:00:22.620 --> 00:00:26.620
this is a default measurement of time that I just want to make sure we are absolutely on

00:00:26.620 --> 00:00:35.680
packet page. So I believe I've always selected this selection and I want to see my running total

00:00:35.680 --> 00:00:45.960
of time. So it's like I start at stopwatch at first package 0.0 and then as the packets come

00:00:45.960 --> 00:00:54.360
in I can gradually see those came into to our other packet. So in total how much time of

00:00:55.000 --> 00:01:05.420
actually I can put it in here 156 seconds. Okay so this is the total time that's spending

00:01:05.420 --> 00:01:10.440
in this conversation. All right okay so let's jump into here.

00:01:12.480 --> 00:01:20.420
Ah okay but before that can you help me to um maybe

00:01:22.060 --> 00:01:30.020
okay maybe we can do it later. No worries we can do it later. So from here first packet

00:01:30.020 --> 00:01:39.740
I'm seeing our client send us in request and then with the HTTP GET and then server responded

00:01:40.660 --> 00:01:50.400
but inside here I can see client send another GET request we ask the client is sending

00:01:50.420 --> 00:01:58.060
to this sls-client-opportunity.asps file for whatever that is in that application but

00:01:58.060 --> 00:02:04.120
I think right now it's not very important. Let's see the client connected over the TCP

00:02:04.120 --> 00:02:08.560
and able to send the request to the server but did the server get the response?

00:02:09.460 --> 00:02:15.380
Did the server get the response? Okay let's see. If we look at the packet number five

00:02:16.420 --> 00:02:21.800
why is continuation? What is that means? Actually this is a continuation packet that

00:02:21.800 --> 00:02:27.500
means the packet size limited during capture so that means the client the request from

00:02:27.500 --> 00:02:38.020
the client was so large so it will span in two okay it will span in two

00:02:38.020 --> 00:02:43.620
packets. It's not uncommon to see but sometimes a GET is so much in it

00:02:44.800 --> 00:02:51.780
okay so there's a lot of information and from the client to the server so it just simply

00:02:51.780 --> 00:02:57.580
spans more than one packet going from the client to the server. Okay let's go down to

00:02:57.580 --> 00:03:06.020
this packet six so I can see the server got the response server got the response with the

00:03:08.260 --> 00:03:15.940
knowledge all right so if I got it I come over to the link here is the link it's just a 60

00:03:16.880 --> 00:03:22.080
wow okay that means it's a very small packet coming back from the server is it full enough

00:03:22.080 --> 00:03:27.320
no I don't think it's a full response just yet because the server may be saying I got

00:03:28.040 --> 00:03:38.800
but wet how long do we wait okay so maybe some notice that um okay let's continue

00:03:38.800 --> 00:03:46.100
in the next packet we can see 20 seconds right 20 seconds to receive a packet so that means

00:03:46.100 --> 00:03:55.080
how long do we wait is wait until 20 seconds 20 seconds quite a lot so what does tell me

00:03:56.160 --> 00:04:01.600
I think that three will handshake work pretty quickly or at least 100 millisecond

00:04:01.600 --> 00:04:10.400
network latency but this get was enough to the server it takes 10 20 seconds so from

00:04:10.400 --> 00:04:18.200
the previous packet you can see the maximum was only 201 218 milliseconds

00:04:19.080 --> 00:04:26.200
and the minimum one is just 105 milliseconds but right now I can see in the packet number seven

00:04:26.780 --> 00:04:33.280
eight stacking how many seconds 20 seconds in order to send the response back to us

00:04:33.280 --> 00:04:45.140
okay so that was tell us the response was um slow the response was slow from client

00:04:45.140 --> 00:04:52.660
to the application sorry from server to the client okay so that means there was something

00:04:52.660 --> 00:04:59.540
wrong something wrong in the server side so this is something that I can take a look

00:04:59.540 --> 00:05:09.720
and understand what's happening in the packet file okay so for the rest of the um packet

00:05:10.440 --> 00:05:17.440
I won't describe right now because we have a first lesson to brief you to about what is

00:05:17.440 --> 00:05:28.680
the information in the bottom left corner and the middle pen okay so I will not like

00:05:29.700 --> 00:05:37.120
go into a deeper for this pick up for this moment and just get you to warm up to show

00:05:37.120 --> 00:05:42.880
some of the things that we can determine at the packet level and maybe stir up some of

00:05:42.880 --> 00:05:55.700
your assignment okay so all right so I think okay let me open the camera I want to

00:05:55.700 --> 00:05:56.080
uh

00:05:58.380 --> 00:06:05.680
all right so I'm not really familiar with um yeah bear with me

00:06:06.710 --> 00:06:07.070
okay

00:06:09.970 --> 00:06:16.550
okay so from the pre-lab I hope you guys can get some ideas on how

00:06:17.650 --> 00:06:26.030
do we know have a first look on the packet file but this was a lesson I think in the

00:06:26.030 --> 00:06:31.550
let me think I think maybe we are going to discuss in very deeper in the third day lesson

00:06:31.550 --> 00:06:36.870
first day and second day we need to understand from the beginning because

00:06:36.870 --> 00:06:41.330
this is a basic training from the very beginning on how to install the virtual

00:06:41.330 --> 00:06:47.510
what are the default interface and how do we look into the color um

00:06:48.030 --> 00:06:55.530
color filtering and do some filtering color ruling do some filtering on narrow down the

00:06:55.530 --> 00:07:04.730
analysis so so on so forth okay so I think let's have a 15 minutes break before we jump

00:07:04.730 --> 00:07:09.230
into a first lesson I think first day I don't want to make it very tight schedule

00:07:09.230 --> 00:07:15.790
I yeah let's have a short break before we continue into the first lesson is that all right

00:07:16.570 --> 00:07:23.010
okay so Alex I'm not sure is there a music or timer in the zoom

00:07:27.430 --> 00:07:35.270
okay okay so there's no music like teams we can just launch it no okay all right no worries

00:07:35.270 --> 00:07:40.770
just take a short break I think because first day first lesson we are yeah we'll get a bit

00:07:40.770 --> 00:07:47.330
warm if we continue yeah talk too much into just the first session all right see you guys

00:07:47.330 --> 00:07:55.110
later yes I will launch a timer I will put in the chat see you at 10 30 all right see you

00:08:04.030 --> 00:08:05.430
guys

00:08:08.230 --> 00:08:10.150
You want to drink some water?

00:08:10.550 --> 00:08:12.270
No, I don't want to drink it.

00:08:12.490 --> 00:08:12.930
What do you want to drink?

00:08:12.990 --> 00:08:15.990
I want to drink it like you do.

00:08:18.830 --> 00:08:24.850
No, don't disturb me.

00:08:40.730 --> 00:08:43.310
Hello, we are back.

00:08:44.650 --> 00:08:51.370
Alright, so I hope you guys enjoy the short break and have a drink, have a water.

00:08:51.370 --> 00:09:07.770
Alright, so I think before we go to the first lesson, I want to make sure that my speaking is not that fast.

00:09:07.970 --> 00:09:10.170
You are able to catch up what I'm saying.

00:09:11.190 --> 00:09:17.170
Or is it too fast for you to understand my talking?

00:09:17.290 --> 00:09:18.570
Okay, that's good.

00:09:21.750 --> 00:09:24.830
Okay, let me adjust my speaker.

00:09:25.490 --> 00:09:26.950
Is it better now?

00:09:28.330 --> 00:09:29.570
Okay, thank you.

00:09:30.370 --> 00:09:39.510
So I think my first lesson is about starting from installing the workshop from the beginning.

00:09:40.090 --> 00:09:42.850
So maybe we go into the first lesson.

00:09:43.810 --> 00:09:45.810
I want to have more interaction.

00:09:45.810 --> 00:09:51.690
So at first, you both introduce yourself as a network engineer.

00:09:54.010 --> 00:10:02.910
So maybe one of you, each of you can take like two minutes to maybe let me know who are the team players?

00:10:03.270 --> 00:10:05.710
I mean, who are you working with?

00:10:05.710 --> 00:10:20.750
I'm working with software engineers, task engineer, developer, developers, security ops, any product manager, project manager, business analyst, product owner.

00:10:21.510 --> 00:10:28.070
So for me to understand what is your daily task and understand like what are you doing every day.

00:10:28.610 --> 00:10:32.910
Maybe just a high level introduction about your job.

00:10:32.910 --> 00:10:36.910
So who want to raise your hand and go first?

00:10:42.150 --> 00:10:42.730
Clients.

00:10:43.130 --> 00:10:45.190
So do you have any application?

00:10:45.390 --> 00:10:54.950
I mean like software, website, or desktop application like install, for example, Microsoft Word, Office.

00:10:55.590 --> 00:11:02.190
So whenever web browser, web application, for example, Google.com.

00:11:02.190 --> 00:11:10.350
Or do you have any website or application that used by your client or only internet issue?

00:11:13.650 --> 00:11:22.970
So you are not the one who set up the environment, but you are the one who like need to do some troubleshooting on any network issue.

00:11:24.590 --> 00:11:30.390
So typically like mostly what are the issues?

00:11:30.410 --> 00:11:31.910
Maybe you can give you one example.

00:11:32.370 --> 00:11:38.190
What are the common issues that you found in your regular job?

00:11:38.490 --> 00:11:45.390
Just any one example of your problem that you mostly encounter from the client side.

00:11:49.350 --> 00:11:53.250
So whenever you have some clues after your troubleshooting.

00:11:53.730 --> 00:11:56.190
So who is the one who need to communicate with?

00:11:56.770 --> 00:12:03.110
I mean you collect the logs, packet files, and do analysis and found some clues.

00:12:04.590 --> 00:12:06.410
So able to found the solution.

00:12:07.470 --> 00:12:14.890
So are you the one who just fix it and then who need to report to or are you need to communicate with your client?

00:12:15.850 --> 00:12:18.350
Or do you need to do a report?

00:12:19.090 --> 00:12:20.830
Okay, I see. You are the one.

00:12:22.310 --> 00:12:24.330
Deal with client, solve the issue.

00:12:24.550 --> 00:12:29.670
I mean collect the issue, solve the issue, and communicate with client.

00:12:32.590 --> 00:12:33.910
Okay, I see.

00:12:35.010 --> 00:12:45.130
So maybe I can share some demo from the software application perspective.

00:12:45.250 --> 00:12:47.950
I'm not sure if you guys are interested to know.

00:12:48.090 --> 00:12:54.350
But at least we can integrate with Wireshark to know what we normally do from there.

00:12:57.970 --> 00:13:02.190
Let's back to our presentation slide.

00:13:02.190 --> 00:13:04.310
Let me minimize.

00:13:10.190 --> 00:13:21.750
Hope you don't mind because I just feel some eye drops in my eyes because I cannot really always open it.

00:13:22.050 --> 00:13:25.330
So I will turn off the camera sometimes.

00:13:27.370 --> 00:13:30.850
So are you guys able to see my sharing screen?

00:13:32.190 --> 00:13:33.570
That's good. Let's proceed.

00:13:39.710 --> 00:13:41.590
I like to see your face.

00:13:42.150 --> 00:13:44.610
So I'm opening the gallery mode.

00:13:45.570 --> 00:13:50.770
So first lesson is about the introduction to Wireshark.

00:13:52.450 --> 00:13:54.670
I will try to speak slowly.

00:13:56.130 --> 00:14:01.210
I hope I'm not too fast. If too fast, just rest your hand or shout to me.

00:14:02.190 --> 00:14:07.170
So we're going to talk about how to successfully capture network traffic.

00:14:08.410 --> 00:14:11.730
Because if you don't capture it well, you can't analyze it.

00:14:12.450 --> 00:14:19.270
So this is the first lesson we're going to go through in the morning session.

00:14:19.830 --> 00:14:25.530
So these are the things that I'm going to discuss and share with you.

00:14:26.530 --> 00:14:33.470
First, we're going to learn how to install the Wireshark with some default settings.

00:14:34.490 --> 00:14:39.550
But some command line trees as well if you are also using it.

00:14:39.630 --> 00:14:44.930
And where and how on the network that we should capture the packets.

00:14:46.830 --> 00:14:58.550
And then the first packet that captured maybe just some very high-level introduction on the first packet that I'm capturing.

00:14:58.670 --> 00:15:05.430
And then the ring buffer that I'm going to share with you on how I collect the log files.

00:15:05.710 --> 00:15:12.350
And also some best practice guidelines when you are doing the packet capture.

00:15:14.930 --> 00:15:20.150
So before we get into the packet reads, we first have to install the Wireshark.

00:15:20.430 --> 00:15:25.190
So I've already installed it for you in the virtual machine.

00:15:25.610 --> 00:15:29.390
And I believe because you're the one who uses the Wireshark in your daily tests.

00:15:29.630 --> 00:15:32.930
So you're very familiar with the installation.

00:15:33.950 --> 00:15:40.610
Just in case you want to look at some extra features that get installed along the actual user interface.

00:15:41.190 --> 00:15:43.630
So this is the first lesson it's all about.

00:15:44.930 --> 00:15:48.930
Let me copy and open it.

00:15:49.310 --> 00:15:55.190
So this is the Wireshark official website.

00:15:55.850 --> 00:16:12.210
May I know how often you are using the Wireshark official website to go to ask a question to the developer or go to the documentation or FAQ?

00:16:13.210 --> 00:16:19.430
Do you guys go through it in very deeper to get some information while you are doing your daily tests?

00:16:21.130 --> 00:16:23.030
No? Okay.

00:16:23.730 --> 00:16:24.110
Alright.

00:16:24.910 --> 00:16:29.670
So from here actually we can get the installer.

00:16:31.250 --> 00:16:35.950
If you want to download it, you can see there are multiple types of installer.

00:16:36.390 --> 00:16:40.330
So for Windows, normally I would choose the first one.

00:16:41.330 --> 00:16:43.850
So I already installed it in my local.

00:16:44.110 --> 00:16:49.010
So I will drive you guys through the installation.

00:16:49.610 --> 00:16:51.510
I need to close it first.

00:16:51.570 --> 00:16:53.190
Now done.

00:16:54.510 --> 00:16:56.590
This is already installed in my machine.

00:16:59.390 --> 00:17:00.050
Nope.

00:17:02.350 --> 00:17:02.650
Alright.

00:17:04.790 --> 00:17:06.630
Where is my Wireshark?

00:17:07.650 --> 00:17:08.590
Okay, here.

00:17:10.330 --> 00:17:14.770
So just now I downloaded the .exe file.

00:17:15.410 --> 00:17:17.710
So now I executed that file.

00:17:18.050 --> 00:17:20.050
So it comes down to install the Wireshark.

00:17:20.070 --> 00:17:22.490
This is the first UI that you can see.

00:17:23.470 --> 00:17:25.010
Oh, it cannot be enlarged.

00:17:25.210 --> 00:17:26.050
Okay, never mind.

00:17:27.470 --> 00:17:31.730
So this is the installer and the first UI that you can see.

00:17:32.050 --> 00:17:37.350
So let's go to the next and agree on the license agreement noted.

00:17:37.350 --> 00:17:40.370
Okay, next.

00:17:43.750 --> 00:17:50.350
So normally the components that to install, normally I will use the default one.

00:17:50.790 --> 00:17:57.530
And you can just go into the next page if I just hit the enter.

00:18:00.950 --> 00:18:04.290
But if you expand the tools in here, right?

00:18:04.290 --> 00:18:10.770
You can see some other tools, the extra tools and with the command line tools as well.

00:18:11.590 --> 00:18:17.010
But I'm not really like use the command line tools in my daily tasks.

00:18:17.350 --> 00:18:19.250
So normally I will just skip it.

00:18:19.430 --> 00:18:30.150
But if you are familiar with this command line tool that is helpful for you, you can also install it as well as this T-Shark.

00:18:30.150 --> 00:18:36.890
Okay, so have you guys used the T-Shark as well?

00:18:37.070 --> 00:18:38.550
The terminal shark, this one?

00:18:38.710 --> 00:18:39.150
Yes or no?

00:18:44.270 --> 00:18:49.550
Okay, have you guys ever used the T-Shark too?

00:18:51.490 --> 00:18:53.990
Okay, so normally you won't install it.

00:18:53.990 --> 00:19:03.870
How about the command line tools like edit-cap, merge-cap, texture-pcap and the components?

00:19:04.610 --> 00:19:08.010
No, okay, so you just use the default one, yes?

00:19:08.630 --> 00:19:10.810
Alright, so let's go to the next.

00:19:10.810 --> 00:19:16.410
And okay, because okay, let's see.

00:19:16.870 --> 00:19:18.110
I think already installed, okay.

00:19:18.470 --> 00:19:24.950
So I'm not able to check this install mpcap because I already installed it.

00:19:24.950 --> 00:19:27.150
Currently installed version is 1.79.

00:19:28.110 --> 00:19:29.770
This is very important.

00:19:29.810 --> 00:19:35.770
I have to highlight this because this is the actual packet driver that collects the packets from the wire.

00:19:36.390 --> 00:19:40.010
So this is very something that is important to know as well.

00:19:40.010 --> 00:19:50.850
We have to install it, otherwise we are not able to capture the packet successfully and properly in the wire shock.

00:19:51.270 --> 00:19:54.430
So go to the next and then click install.

00:19:54.790 --> 00:19:56.650
So for this one, it's up to you.

00:19:56.690 --> 00:19:58.670
Okay, it's optional, right?

00:19:58.790 --> 00:20:02.650
So I won't click install because I already installed it.

00:20:02.650 --> 00:20:12.430
And this is just to tell you about the installation that normally did by the common user.

00:20:12.730 --> 00:20:16.710
If you have extra components that you are going to use like the one that I mentioned,

00:20:17.010 --> 00:20:26.830
a list of extra components that you normally use, then you have to manually check and then install it.

00:20:26.830 --> 00:20:27.530
Okay.

00:20:28.070 --> 00:20:33.230
So once you have installed it, let's launch a wire shock.

00:20:33.590 --> 00:20:35.130
Okay, hold on.

00:20:36.690 --> 00:20:37.310
Okay.

00:20:39.270 --> 00:20:43.190
So let me launch a wire shock now.

00:20:44.070 --> 00:20:44.630
Okay.

00:20:45.430 --> 00:20:49.410
So now we have, all of us have the wire shock downloaded, right?

00:20:49.810 --> 00:20:52.930
So let's go ahead and collect some traffic off the network.

00:20:52.930 --> 00:20:58.210
And go ahead and file our wire shock and let's get to the first packet capture.

00:20:59.070 --> 00:21:05.930
So you can see that is the history PCAP file that I opened before.

00:21:06.790 --> 00:21:09.350
And here are the interface.

00:21:09.570 --> 00:21:09.730
Okay.

00:21:10.170 --> 00:21:15.750
Here are the interface and the protocol that bound with the protocol driver.

00:21:16.370 --> 00:21:20.670
So normally what are the interface that we are going to choose?

00:21:21.890 --> 00:21:28.390
So may I know what are the interface that mostly you are analysed on?

00:21:28.590 --> 00:21:30.830
Is it Wi-Fi or LAN?

00:21:32.970 --> 00:21:38.210
Okay, LAN because you are using the company office, right?

00:21:39.590 --> 00:21:40.290
Okay, understood.

00:21:41.950 --> 00:21:43.490
So, okay.

00:21:43.950 --> 00:21:46.870
So there are a few options here.

00:21:46.870 --> 00:21:55.950
If let's say, okay, if let's say here I didn't have the USB connected so I cannot see the USB interface.

00:21:56.310 --> 00:22:02.990
But if you have the USB device connected, you can even see a USB interface.

00:22:03.630 --> 00:22:09.010
Have you also traversed or analysed the USB traffic?

00:22:09.130 --> 00:22:10.670
No, only the LAN.

00:22:11.910 --> 00:22:12.850
Okay, okay.

00:22:12.850 --> 00:22:21.130
So USB is one of my, I think one of my interface that I use before because like for example,

00:22:21.790 --> 00:22:24.970
if we trying to, I'm the hacker.

00:22:25.210 --> 00:22:26.010
Okay, I'm the hacker.

00:22:26.310 --> 00:22:29.130
I want to spread the wires to the client side.

00:22:29.430 --> 00:22:37.090
So I purposely plug in the USB and then download the wires file.

00:22:37.790 --> 00:22:41.910
Maybe just a text file, zip file, whatever file.

00:22:41.910 --> 00:22:45.170
And then download it to the local machine.

00:22:45.510 --> 00:22:51.230
So that is something that I need to try and test it.

00:22:51.950 --> 00:22:57.310
But here I didn't plug in the USB so what I can show is the default one.

00:22:57.510 --> 00:23:00.090
Wi-Fi, Internet, LAN, whatever.

00:23:00.610 --> 00:23:04.990
So normally I would choose Wi-Fi interface because my wires was enabled.

00:23:05.830 --> 00:23:10.290
Okay, this is something that the interface that I could go ahead and capture on.

00:23:10.290 --> 00:23:12.590
So there are a few options.

00:23:14.230 --> 00:23:18.390
As long as you know what other interface and which interface has utilization,

00:23:18.850 --> 00:23:25.730
just go into the closet and then we will get some bit information coming in.

00:23:25.950 --> 00:23:26.770
All right.

00:23:26.970 --> 00:23:32.610
Okay, so let's open it.

00:23:32.610 --> 00:23:40.650
Okay, so as you can see, I mouse over to the Wi-Fi interface.

00:23:41.710 --> 00:23:47.050
So I can see this is my information, right?

00:23:47.950 --> 00:23:53.510
So my IP address is here that you can see, no capture filter.

00:23:53.650 --> 00:23:58.210
So let's double click and it was starting to capture all the packets.

00:23:58.930 --> 00:24:01.530
So wow, a few thousand is going on and on.

00:24:01.530 --> 00:24:03.650
So let me install it.

00:24:06.850 --> 00:24:10.210
I think I need to end.

00:24:10.550 --> 00:24:17.710
Hold on, let me end the slideshare because I cannot really click on other ways.

00:24:25.930 --> 00:24:29.530
Okay, so I just stopped it.

00:24:29.530 --> 00:24:31.050
I just stopped the capturing.

00:24:31.730 --> 00:24:36.770
So if let's say I reproduce the issues that encounter in the client side,

00:24:37.010 --> 00:24:41.670
I'm going to save and give that a file name.

00:24:42.630 --> 00:24:45.070
So let me try to do it.

00:24:45.370 --> 00:24:49.830
Okay, so I'm selecting as pcap-mg file.

00:24:50.770 --> 00:24:54.610
May I know, are you using other file extension as well?

00:24:54.610 --> 00:24:57.290
Except apart from this pcap-mg.

00:24:57.770 --> 00:25:00.390
What are the other types that you use?

00:25:01.570 --> 00:25:06.690
Are you using other options for the file extension as well in your daily job?

00:25:06.790 --> 00:25:07.350
Yes or no?

00:25:07.530 --> 00:25:10.230
Oh, you are only saved as the pcap-mg file.

00:25:10.530 --> 00:25:13.390
Okay, all right.

00:25:13.610 --> 00:25:18.330
So let me quickly save it.

00:25:18.550 --> 00:25:19.090
Intro.

00:25:19.690 --> 00:25:21.130
Okay, let's save it intro.

00:25:21.130 --> 00:25:26.010
So from here I can see I already saved it.

00:25:28.030 --> 00:25:29.450
Let me go to the desk.

00:25:30.390 --> 00:25:33.650
Okay, so this is the packet file that I installed.

00:25:34.690 --> 00:25:38.310
So it's just a very simple.

00:25:38.810 --> 00:25:45.070
If you only select as a pcap-mg, you just save as and then select a type that you prefer.

00:25:46.090 --> 00:25:48.710
So this is the standard pcap-mg file.

00:25:48.710 --> 00:25:52.710
So if you come down to netmall, novel, land analyzer.

00:25:53.750 --> 00:25:57.850
So this is something that is not a common one.

00:25:57.870 --> 00:25:59.290
It's not a popular one.

00:26:01.230 --> 00:26:05.370
All right, this is the first packet with Wireshark we already captured.

00:26:06.230 --> 00:26:10.830
Okay, now on the other note, before we go to the next part of our training,

00:26:10.990 --> 00:26:14.290
I want to show you some of the capture options.

00:26:14.290 --> 00:26:22.670
Okay, so let me share the...

00:26:22.670 --> 00:26:29.830
Okay, so this is the capture option that I'm going to show you.

00:26:31.990 --> 00:26:33.730
All right, here.

00:26:35.310 --> 00:26:37.630
So, okay, all right.

00:26:38.030 --> 00:26:40.170
So this is the capture option.

00:26:40.770 --> 00:26:42.810
You can see all those inputs.

00:26:42.810 --> 00:26:48.870
This is the interface that we are seeing in the first UI.

00:26:49.430 --> 00:26:53.030
Okay, so just now I selected Wi-Fi.

00:26:53.550 --> 00:26:56.530
This is my IP address of my host machine.

00:26:57.790 --> 00:27:00.590
And normally when I'm doing the capturing,

00:27:01.210 --> 00:27:06.350
so I will always look into the capture option first.

00:27:06.350 --> 00:27:12.010
Okay, you can go from here, capture options,

00:27:12.570 --> 00:27:16.750
or this is the little icon here.

00:27:17.790 --> 00:27:19.030
Send, access.

00:27:19.950 --> 00:27:23.690
So this is a little gear which is the capture option.

00:27:27.170 --> 00:27:33.270
All right, so just now I mentioned if you have plugged in the USB,

00:27:33.270 --> 00:27:37.570
you can also see USB interface showing here.

00:27:37.710 --> 00:27:42.270
So if you have another USB option, you can also see different...

00:27:43.490 --> 00:27:47.710
I mean, connected to the client or endpoints that install the workshop,

00:27:48.110 --> 00:27:52.070
you can see different list of interfaces were showing here.

00:27:53.450 --> 00:27:57.270
Okay, let's go to the output here.

00:27:57.490 --> 00:28:03.490
Okay, I'm sharing with you about the...

00:28:03.490 --> 00:28:12.490
Okay, so just now I set the packet file as intro.pcapmg.

00:28:13.370 --> 00:28:18.550
So this is the only one file that I'm capturing and storing.

00:28:19.030 --> 00:28:25.090
So let's say I want to do some configuration before I capture the file.

00:28:25.090 --> 00:28:30.830
And if I want to monitor over the time, all the time, right?

00:28:31.430 --> 00:28:34.250
For example, two hours, three hours.

00:28:35.110 --> 00:28:39.450
So if the file getting larger and larger,

00:28:40.170 --> 00:28:47.090
it will come to one gig, two gig, three gig, and even 10 gig and 100 gig.

00:28:47.090 --> 00:28:53.590
So what is going to happen to my storage, right?

00:28:55.070 --> 00:28:59.690
So it will be crazy big, it will be crazy huge.

00:29:00.230 --> 00:29:06.210
So this is something that will not happen in our client side.

00:29:06.370 --> 00:29:13.070
They will comprehend I cannot use my machine because my local storage already bombed.

00:29:13.070 --> 00:29:16.690
Okay, so normally I will use...

00:29:16.690 --> 00:29:20.590
Okay, let's say let me choose a location.

00:29:22.070 --> 00:29:23.510
I'm using test.

00:29:24.870 --> 00:29:29.550
Let's say I'm using test as my file name.

00:29:29.970 --> 00:29:31.730
I'm selecting pcapmg.

00:29:32.350 --> 00:29:36.210
So I click this, create a new file automatically.

00:29:39.930 --> 00:29:47.570
So I can select different option to capture to a permanent file.

00:29:47.670 --> 00:29:49.770
Let me end the screenshot.

00:29:51.230 --> 00:29:55.370
Okay, here you can see this is a ring buffer, right?

00:29:56.050 --> 00:29:58.190
Have you used ring buffer for your capturing?

00:29:58.670 --> 00:29:59.950
No, okay.

00:30:00.270 --> 00:30:03.470
So maybe this is something interesting for your information.

00:30:03.470 --> 00:30:09.570
So normally before I capture the file, I will try to select a location.

00:30:10.030 --> 00:30:11.390
I will fill in the name.

00:30:12.010 --> 00:30:13.130
For example, it's Tesla.

00:30:13.830 --> 00:30:19.470
Then I will try to enable the ring buffer and then fill in some information here.

00:30:22.110 --> 00:30:28.830
Okay, because like I mentioned, I don't want to capture a massive pcap.

00:30:28.830 --> 00:30:33.810
I don't want to make my system crash and fill my hard drive.

00:30:34.490 --> 00:30:36.510
So the ring buffer is very important.

00:30:36.710 --> 00:30:39.390
I want to point your attention to.

00:30:41.290 --> 00:30:44.390
So what is ring buffer means?

00:30:46.070 --> 00:30:48.610
So that's I'm going to share with you.

00:30:49.610 --> 00:31:00.130
So for example, I want to store my test pcapmg as 20 here.

00:31:00.130 --> 00:31:02.290
I increase to 20 from 2 to 20.

00:31:02.710 --> 00:31:07.550
And then I'm going to get this 20 files total of 500.

00:31:10.610 --> 00:31:15.470
Okay, let's say 500 megabytes for each.

00:31:15.470 --> 00:31:24.470
So that means after the 20th file, that means 21 onwards,

00:31:25.650 --> 00:31:30.490
I'm going to go back to the first file and override the first one.

00:31:31.270 --> 00:31:33.110
Okay, you get what I mean?

00:31:33.410 --> 00:31:44.710
Okay, for example, in this location, you were going to have test 01, 02 up to 20.

00:31:44.710 --> 00:31:52.990
And then started from 21, test 21, 22, it will override with 21 with 01.

00:31:53.150 --> 00:31:59.590
So I will only always see 20 files with one 500 megabytes for each.

00:32:00.070 --> 00:32:06.790
So in total, it will only allocating 10 gigabytes of my hard drive for packet capture.

00:32:08.190 --> 00:32:09.950
So that's the ring buffer means.

00:32:11.190 --> 00:32:17.530
So as soon as so let's say for file one, as soon as it gets to 500 megabytes,

00:32:17.810 --> 00:32:23.850
it will write the next one file 02 and file 03.

00:32:24.210 --> 00:32:30.230
So 500 megabytes for each file size in total will be 10 gigabytes.

00:32:31.870 --> 00:32:38.850
Okay, so this is my I think this is one of the advantage for long term capture method

00:32:38.850 --> 00:32:46.770
because if you are going to monitoring some not always reproducible issue,

00:32:47.370 --> 00:32:52.290
for example, the network latency slowness or application slowness,

00:32:52.370 --> 00:32:54.890
you are going to digging into the file.

00:32:55.270 --> 00:33:01.590
But then sometimes that problem will only happen in different environment.

00:33:01.930 --> 00:33:04.530
So this is one of the way that you can use.

00:33:05.530 --> 00:33:09.830
Apart from after 500 megabytes, this is focused on the file size.

00:33:10.010 --> 00:33:14.730
You can also select this one or you can have multiple choice.

00:33:15.490 --> 00:33:25.750
If let's say I after say it's too much for me after let's say 10,000 decades,

00:33:25.870 --> 00:33:27.430
it will go to the file two.

00:33:27.430 --> 00:33:34.430
So after particular session or one minute, you will go to file two.

00:33:35.530 --> 00:33:41.770
So that will depends on the option to create the ring buffer.

00:33:41.830 --> 00:33:43.690
I mean the repeated file.

00:33:43.830 --> 00:33:44.590
All right.

00:33:44.950 --> 00:33:52.210
So normally I will use the file size instead of packet amount or the duration.

00:33:52.750 --> 00:33:53.850
All right.

00:33:56.230 --> 00:33:57.590
Let's say.

00:34:02.790 --> 00:34:03.130
OK.

00:34:03.610 --> 00:34:05.370
So I won't show you.

00:34:07.050 --> 00:34:11.090
I won't show you the result at this moment.

00:34:11.450 --> 00:34:12.770
We are going to proceed.

00:34:13.230 --> 00:34:14.150
All right.

00:34:14.930 --> 00:34:19.950
So later on, once I have the result, I will show you in the letter moment.

00:34:20.890 --> 00:34:22.610
Let's back to the slide share.

00:34:23.310 --> 00:34:23.870
OK.

00:34:24.370 --> 00:34:27.630
So I'm not sure whether it's helpful for you.

00:34:27.670 --> 00:34:30.950
But I think this is the extra knowledge for you guys to know.

00:34:31.330 --> 00:34:35.750
Don't feel your hub drive, especially the client side.

00:34:35.990 --> 00:34:42.150
If clients like compran, they can't use because the system crashed due to the file package that you captured.

00:34:42.270 --> 00:34:44.170
And it will be a serious problem.

00:34:45.190 --> 00:34:45.410
OK.

00:34:45.410 --> 00:34:53.610
So next, I think you guys are very familiar with the OSI model.

00:34:54.370 --> 00:34:59.850
Because this is something that we are going to analyze in a workshop.

00:35:00.510 --> 00:35:01.370
OK.

00:35:01.490 --> 00:35:05.410
For example, for example, let me stop it.

00:35:06.170 --> 00:35:08.710
Let me open the pre lab.

00:35:09.430 --> 00:35:09.750
OK.

00:35:09.750 --> 00:35:18.650
So just now, we realized that this is the scene packet that's sending by client to the server.

00:35:19.190 --> 00:35:27.910
So we can see we have the frame one, layer two internet and layer three IP, layer four TCP.

00:35:28.450 --> 00:35:33.350
So if we have the TRS, we have also this one, the layer six.

00:35:34.530 --> 00:35:34.770
OK.

00:35:34.770 --> 00:35:40.250
If we have HTTP protocol, we have the layer seven.

00:35:40.310 --> 00:35:43.710
But we are not capturing the HTTP packet in here.

00:35:44.230 --> 00:35:50.070
So these are the layers that we always analyze to.

00:35:50.770 --> 00:36:01.690
So I try to make it as simple because for me, it's very hard for me to even understand and always memorize the layers.

00:36:01.690 --> 00:36:02.150
OK.

00:36:02.530 --> 00:36:05.790
So it's very interesting words.

00:36:06.590 --> 00:36:10.570
Have you heard about this word before?

00:36:11.770 --> 00:36:13.390
We have seven layers.

00:36:14.590 --> 00:36:17.110
P, D, N, T, S, P, A.

00:36:17.370 --> 00:36:22.810
So have you heard about please do not throw sausage pizza away to memorize the order?

00:36:23.690 --> 00:36:24.310
Have you?

00:36:25.410 --> 00:36:25.810
No.

00:36:25.990 --> 00:36:26.630
OK.

00:36:27.790 --> 00:36:31.990
Because I can't even remember the capital letter.

00:36:32.610 --> 00:36:37.410
So please do not throw sausage pizza away.

00:36:37.710 --> 00:36:41.290
So this is a very interesting sentence for me to understand.

00:36:41.950 --> 00:36:50.030
And I try to use an example, a real world example, to understand what is the application, presentation and each layer means.

00:36:50.410 --> 00:36:50.670
OK.

00:36:50.670 --> 00:36:51.910
So I give you an example.

00:36:51.910 --> 00:36:56.610
So imagine you're sending a handwritten letter to a friend in one city.

00:36:56.970 --> 00:37:01.030
So in Bangkok, for example, to Singapore.

00:37:02.510 --> 00:37:04.010
And here how it works step by step.

00:37:04.770 --> 00:37:05.890
So this is it.

00:37:05.890 --> 00:37:18.310
And I try to create a column for computer network example and virtual example for me to understand well about the layers, the OSI models.

00:37:18.310 --> 00:37:22.290
So I hope it help you guys as well.

00:37:22.550 --> 00:37:24.690
So for imagine, OK, what is the application?

00:37:25.470 --> 00:37:35.290
If let's say I try to browse the example dot com in the Chrome browser, Chrome browser and each browser is a very common browser that used by the client.

00:37:35.410 --> 00:37:35.690
Right.

00:37:36.790 --> 00:37:39.050
So this is application layer.

00:37:39.470 --> 00:37:43.270
And in the real world example, this is the letter.

00:37:43.490 --> 00:37:45.590
I want to write a letter to my friend.

00:37:45.590 --> 00:37:48.630
OK, this is a letter that I'm going to use.

00:37:48.970 --> 00:37:50.390
And then workshop is on board.

00:37:50.730 --> 00:37:51.570
What is that means?

00:37:52.110 --> 00:37:54.450
So for example, I'm using the HPE protocol.

00:37:55.170 --> 00:37:56.990
I'm going to see the HPE layer.

00:37:57.350 --> 00:38:07.910
But if I'm not using the HPE protocol, like I'm not included using the HPE as I won't see this in the workshop when you click on the particular packet.

00:38:08.750 --> 00:38:08.970
OK.

00:38:09.190 --> 00:38:11.070
So what is presentation means?

00:38:11.070 --> 00:38:18.670
So if let's say I want to write in English, I want to write in Chinese, I want to write in the language as well.

00:38:19.110 --> 00:38:30.250
So this is the method that you are trying to form your letter for your friend to understand.

00:38:30.250 --> 00:38:40.650
And here in the computer, I'm trying to use HTML, JSON, XML or encoded data.

00:38:41.890 --> 00:38:50.190
So if I'm using the encoded data, that means I'm using the HTTP as encoded protocol.

00:38:50.250 --> 00:38:50.630
OK.

00:38:50.670 --> 00:38:57.030
So I'm able to see the TOS layer that I'm sharing you guys in the workshop.

00:38:57.030 --> 00:39:01.350
I am able to see this layer 6, TRS.

00:39:02.090 --> 00:39:02.270
OK.

00:39:02.270 --> 00:39:03.350
What is session means?

00:39:05.250 --> 00:39:07.190
Like the active session.

00:39:07.830 --> 00:39:12.350
Are you going to send your friends a letter weekly, monthly or yearly?

00:39:12.710 --> 00:39:13.730
So this is a session.

00:39:14.330 --> 00:39:20.630
And then what I'm understanding session actually is the one that I'm always using in the browser.

00:39:20.850 --> 00:39:20.990
OK.

00:39:21.090 --> 00:39:23.350
Let me show you one example.

00:39:26.750 --> 00:39:27.550
OK.

00:39:27.550 --> 00:39:29.350
Just now I'm using example.com.

00:39:33.170 --> 00:39:33.230
OK.

00:39:33.230 --> 00:39:40.630
Let me try to since this is not the OK.

00:39:40.890 --> 00:39:41.430
Never mind.

00:39:42.010 --> 00:39:45.610
So normally I'm using HBS.

00:39:46.150 --> 00:39:47.910
Maybe I'm using this one.

00:39:47.910 --> 00:39:49.050
Let me see.

00:39:53.730 --> 00:39:54.210
OK.

00:39:54.850 --> 00:40:00.210
So you can see I'm getting some information in the headers.

00:40:01.270 --> 00:40:08.550
If let's say I'm going to send a client request, click a button to this session.

00:40:09.450 --> 00:40:12.930
And this is the encrypted HTTPS protocol.

00:40:12.930 --> 00:40:17.830
I need to get the better token in this active session.

00:40:18.410 --> 00:40:20.410
If let's say I close it.

00:40:20.410 --> 00:40:20.830
OK.

00:40:21.250 --> 00:40:22.850
This session will gone.

00:40:23.450 --> 00:40:23.910
We're gonna.

00:40:24.730 --> 00:40:27.630
And if in the back end I'm trying to send.

00:40:27.670 --> 00:40:27.850
OK.

00:40:27.970 --> 00:40:30.910
Let's say I'm using a tool automation.

00:40:31.030 --> 00:40:32.150
I write some script.

00:40:32.450 --> 00:40:33.810
I'm using a postman tool.

00:40:33.890 --> 00:40:40.730
For example, I tried to use a postman tool to send a request from client to the server.

00:40:40.730 --> 00:40:43.570
But that session already closed.

00:40:44.710 --> 00:40:48.050
Am I able to connect to the server?

00:40:49.450 --> 00:40:50.090
No.

00:40:50.650 --> 00:40:52.050
You would definitely know.

00:40:52.750 --> 00:40:59.070
It needs to be open and have an active section like what I'm showing just now.

00:41:00.070 --> 00:41:04.730
You can get it from the F12 or right click inspect in the browser.

00:41:05.050 --> 00:41:05.990
Go to the network.

00:41:06.490 --> 00:41:08.930
You will see a lot of conversations there.

00:41:08.930 --> 00:41:09.950
It's huge.

00:41:10.090 --> 00:41:13.970
But just click on the one that you are going to trace in.

00:41:14.330 --> 00:41:15.970
So you will see at this section.

00:41:17.250 --> 00:41:22.270
So in here we are actually session is part of the TCP or TR session.

00:41:22.270 --> 00:41:23.710
You won't show in the workshop.

00:41:23.830 --> 00:41:24.290
OK.

00:41:24.810 --> 00:41:25.810
So transport layer.

00:41:26.310 --> 00:41:30.350
So I try to divide the letter into pages and number them.

00:41:30.350 --> 00:41:31.850
Number one, number two, number three.

00:41:31.970 --> 00:41:32.950
If I have three letters.

00:41:33.390 --> 00:41:34.990
So just imagine TCP.

00:41:35.730 --> 00:41:38.490
I'm going to using like TCP port.

00:41:38.910 --> 00:41:42.770
So inside the workshop you can see here.

00:41:43.670 --> 00:41:44.030
TCP.

00:41:44.490 --> 00:41:45.910
Let's say the first one.

00:41:50.710 --> 00:41:51.350
OK.

00:41:51.690 --> 00:41:53.230
I will see the port number.

00:41:53.590 --> 00:41:57.730
I will see the destination port number of my either server or client.

00:41:58.090 --> 00:42:00.330
And I will see some facts as well.

00:42:00.330 --> 00:42:05.270
And whether this is the SYN, FRAG, ANALYZE or whatever.

00:42:06.530 --> 00:42:12.570
So ANALYZE number, next sequence number, row sequence number or relative sequence number.

00:42:12.710 --> 00:42:16.570
That will be helpful for our capturing and analysis.

00:42:18.130 --> 00:42:18.790
And network.

00:42:21.350 --> 00:42:23.830
So what is your address of a friend?

00:42:24.770 --> 00:42:28.710
What is your address for your sender and recipient?

00:42:28.710 --> 00:42:33.030
So just now my IP address is 102.

00:42:33.370 --> 00:42:35.390
So this is my host address.

00:42:35.830 --> 00:42:39.350
And I'm accessing to NeverSSL.com.

00:42:39.570 --> 00:42:42.290
And this is the destination and IP address.

00:42:42.530 --> 00:42:46.150
So this is the IP address of recipient and sender.

00:42:46.610 --> 00:42:46.710
OK.

00:42:46.710 --> 00:42:47.450
And the data link.

00:42:47.710 --> 00:42:51.190
So this is the ARP and the Ethernet layer.

00:42:52.150 --> 00:42:54.350
So this is a MAC address.

00:42:55.730 --> 00:42:57.530
And the switches.

00:42:57.530 --> 00:42:58.370
OK.

00:42:58.370 --> 00:42:59.950
Let me show you.

00:43:00.090 --> 00:43:00.250
OK.

00:43:00.770 --> 00:43:01.450
Here.

00:43:03.030 --> 00:43:03.130
Here.

00:43:03.850 --> 00:43:04.150
OK.

00:43:04.630 --> 00:43:10.670
Normally, the destination MAC address would be the router or switch MAC address.

00:43:11.670 --> 00:43:14.850
So if I'm going to understand.

00:43:16.730 --> 00:43:20.130
Let me have a demo and MAC this a bit.

00:43:20.590 --> 00:43:27.070
I'm not really open to use this network comment unless I encounter some network issue.

00:43:27.070 --> 00:43:31.470
So for example, if I'm going to know what is my MAC address.

00:43:31.550 --> 00:43:37.790
Normally, I'll come to here with the wireless or Wi-Fi keyword.

00:43:38.030 --> 00:43:39.870
And this is my physical MAC address.

00:43:39.910 --> 00:43:41.350
And this is my IP address.

00:43:41.710 --> 00:43:48.970
But if I want to know what is my router address.

00:43:49.010 --> 00:43:51.930
And this is the comment that I normally use.

00:43:52.450 --> 00:43:55.010
So you will see here.

00:43:55.010 --> 00:43:56.730
All right.

00:43:57.070 --> 00:43:58.950
Because this is not captured from my local.

00:43:58.950 --> 00:44:03.210
So you are not able to see the MAC address exactly match with my comment line.

00:44:03.510 --> 00:44:09.010
But just for information, this is the MAC address for your endpoint.

00:44:09.870 --> 00:44:14.170
That capturing wire shop packet and the router or switch MAC address.

00:44:14.810 --> 00:44:14.890
OK.

00:44:15.070 --> 00:44:18.830
So that means the POP office address sorting backwards.

00:44:19.030 --> 00:44:24.250
For example, you are sending to Singapore or you are going to send to your bank code.

00:44:24.250 --> 00:44:26.270
So you will know the postcode.

00:44:27.270 --> 00:44:27.990
So physical.

00:44:30.230 --> 00:44:33.670
Which server transfer are you going to use?

00:44:34.250 --> 00:44:40.690
It's whether by truck, plant or extra extra.

00:44:41.410 --> 00:44:43.630
So in the computer network example.

00:44:44.410 --> 00:44:48.670
Are you going to send over the cables or Wi-Fi?

00:44:48.670 --> 00:44:49.670
So here.

00:44:50.510 --> 00:44:55.810
Actually, I'm not really like looking into the first layer in here.

00:44:57.090 --> 00:44:59.370
I'm not really like for kind of use.

00:44:59.430 --> 00:45:04.030
But then from here I will I will try to understand.

00:45:04.310 --> 00:45:06.370
For example, the capture length.

00:45:07.750 --> 00:45:08.670
And what is the.

00:45:10.610 --> 00:45:12.710
For example, this one.

00:45:13.150 --> 00:45:15.890
So capture length is 74 bytes.

00:45:15.930 --> 00:45:18.010
And this is the number one packet.

00:45:18.010 --> 00:45:19.710
And time.

00:45:20.490 --> 00:45:26.010
Another thing that I'm usually looking into is the delta time.

00:45:26.790 --> 00:45:33.490
From the first previous capture frame or the first previous display frame.

00:45:33.950 --> 00:45:35.390
And what's the arrival time as well.

00:45:35.650 --> 00:45:38.570
So this is something that I'm looking into the first layer.

00:45:39.130 --> 00:45:44.210
But sometimes and mostly I won't use frame one for my analysis.

00:45:44.210 --> 00:45:50.350
I will go in directly into the TCP or IP layer.

00:45:53.270 --> 00:45:53.850
All right.

00:45:54.310 --> 00:45:59.090
So that's basic information on the OSI layer.

00:45:59.750 --> 00:46:05.250
Any questions or any interesting experience that you are going to share?

00:46:05.350 --> 00:46:08.650
If no, then we are going to the next slide.

00:46:10.030 --> 00:46:10.630
All right.

00:46:10.630 --> 00:46:16.010
So I think this one you are more familiar with me.

00:46:16.130 --> 00:46:17.530
Where to capture on the network.

00:46:18.570 --> 00:46:20.790
Before I jump into the next slide.

00:46:21.730 --> 00:46:22.250
Maybe.

00:46:24.570 --> 00:46:25.210
OK.

00:46:25.790 --> 00:46:26.050
OK.

00:46:26.050 --> 00:46:28.070
Maybe I share you guys with this.

00:46:28.710 --> 00:46:32.070
What is the definition of where to capture?

00:46:33.310 --> 00:46:34.970
Maybe you can tell me where to capture.

00:46:34.970 --> 00:46:39.810
It's in the endpoint or it's in the network or using workshop.

00:46:39.810 --> 00:46:44.050
But here what I mean is where to capture on the network.

00:46:45.890 --> 00:46:46.090
OK.

00:46:46.090 --> 00:46:50.090
Before I explain my understanding and my knowledge.

00:46:50.830 --> 00:46:51.610
I hope.

00:46:52.050 --> 00:46:52.230
Yeah.

00:46:52.390 --> 00:46:55.230
Maybe Ham or Tanen.

00:46:55.450 --> 00:46:55.810
You can share.

00:46:57.270 --> 00:46:58.290
Based on experience.

00:46:58.490 --> 00:47:00.530
Normally where you put the workshop.

00:47:00.630 --> 00:47:03.850
Where you install the workshop endpoint.

00:47:03.910 --> 00:47:04.330
OK.

00:47:04.410 --> 00:47:05.510
Here the current site.

00:47:05.770 --> 00:47:06.910
So let's say imagine.

00:47:07.510 --> 00:47:08.430
Hey Ham.

00:47:10.350 --> 00:47:12.810
Current A got a problem.

00:47:13.130 --> 00:47:14.410
It cannot load the page.

00:47:15.270 --> 00:47:16.370
It keeps loading.

00:47:17.930 --> 00:47:19.590
So after click a button.

00:47:21.410 --> 00:47:25.310
So where how to capture the packet.

00:47:26.110 --> 00:47:30.290
So you will normally install the PowerPoint in the client side machine.

00:47:30.830 --> 00:47:31.690
Is that what you mean?

00:47:33.250 --> 00:47:33.530
OK.

00:47:33.810 --> 00:47:34.110
Good.

00:47:34.690 --> 00:47:35.290
How about Tanen?

00:47:35.390 --> 00:47:35.910
OK.

00:47:36.790 --> 00:47:38.530
Are you in the same team?

00:47:38.690 --> 00:47:40.710
Are you the same team members?

00:47:41.550 --> 00:47:41.910
Oh no.

00:47:44.470 --> 00:47:48.910
But most of the ways that you are capturing the packet is more or less the same.

00:47:51.190 --> 00:47:51.370
OK.

00:47:52.630 --> 00:47:52.850
All right.

00:47:53.030 --> 00:47:53.590
No worries.

00:47:56.950 --> 00:47:58.370
Back to the site.

00:47:59.450 --> 00:47:59.750
OK.

00:47:59.950 --> 00:48:02.810
This is just a very simple diagram of a network.

00:48:02.810 --> 00:48:07.470
I'm going to show you like what is the.

00:48:07.470 --> 00:48:18.490
Common way or better way of the best way to capturing a sorry to install the workshop and capturing the traffic in the network.

00:48:19.570 --> 00:48:27.610
So just I mentioned normally you will you will install the endpoint and workshop in your client site endpoint the machine right.

00:48:28.010 --> 00:48:31.670
So this is the I think this is the easiest way.

00:48:31.670 --> 00:48:33.970
Normally I would use as well.

00:48:34.690 --> 00:48:41.950
You will use you will install the workshop physically on that device and you keep capture and you stop it.

00:48:42.170 --> 00:48:48.270
And you are able to collect the packet the p cap file is very quick.

00:48:49.710 --> 00:48:52.270
Even though it's dirty but it's free and easy.

00:48:52.470 --> 00:48:52.850
Right.

00:48:53.350 --> 00:48:57.350
So however there are some downsides to Louis to doing this.

00:48:57.550 --> 00:48:58.670
Have you think about this.

00:48:58.950 --> 00:48:59.890
This.

00:49:00.950 --> 00:49:09.170
What are the downside if you install the workshop in our endpoint you know what is the limitation or the bad things.

00:49:11.050 --> 00:49:13.910
If you install the workshop in the endpoint site.

00:49:15.890 --> 00:49:16.270
OK.

00:49:16.750 --> 00:49:16.950
All right.

00:49:17.870 --> 00:49:18.310
Never mind.

00:49:18.530 --> 00:49:18.750
OK.

00:49:18.750 --> 00:49:29.890
For example what I experienced with my clients that previously I know some of my clients are from a huge enterprise.

00:49:30.670 --> 00:49:33.750
Maybe for example for example Panasonic.

00:49:34.370 --> 00:49:45.050
They have the like more than a few for example 30 companies in close countries.

00:49:45.050 --> 00:49:56.810
If they are in point they are using a very very old OS platform which are not which are already obsolete that are not maintaining at all.

00:49:56.810 --> 00:50:01.870
For example Windows 7 XP Windows 8 whatever.

00:50:02.170 --> 00:50:08.450
Or they are using very less RAM memory for example less than 80.

00:50:08.950 --> 00:50:09.830
Just forget.

00:50:10.330 --> 00:50:10.890
Crazy.

00:50:10.890 --> 00:50:19.530
So in that very bad environment they will always encounter some network latency issue.

00:50:20.390 --> 00:50:21.170
Right.

00:50:21.190 --> 00:50:22.710
Because less resource.

00:50:23.230 --> 00:50:33.350
So if I still install the workshop to capture the packet in the environment it will load adding the load to the client that's already loaded down.

00:50:33.570 --> 00:50:35.090
So this is one of possibility.

00:50:35.710 --> 00:50:38.350
So this is something that we want to consider.

00:50:39.290 --> 00:50:55.550
But I think when I'm consulting and helping people to fix their problems this is one of the common option that I might use because at least out the gate and until we get a better idea on how the application is running.

00:50:55.930 --> 00:50:59.970
So normally I will still install the endpoint in the client side.

00:50:59.970 --> 00:51:08.050
But what would be the more ideas to actually capture a packet from the network somewhere is from here.

00:51:09.350 --> 00:51:19.190
So this is the second one of the best way to do that is congregate a span port of a switch or router.

00:51:19.930 --> 00:51:24.310
For example when I install the workshop.

00:51:25.250 --> 00:51:26.810
What is span means?

00:51:27.250 --> 00:51:29.310
Span means for the switch port analyzer.

00:51:30.290 --> 00:51:39.110
It's a feature on many network switches that allow you to monitor network traffic just on that particular traffic path.

00:51:40.350 --> 00:51:43.430
So you won't see anything unless you are part of the conversation.

00:51:43.950 --> 00:51:48.030
It's a specific device and in the particular network path.

00:51:48.030 --> 00:52:11.590
So with a span port you can tell the switch, hey, I'm able to copy all the traffic from this port to all multiple ports with this end point and then send over and copy all the traffic conversation into here.

00:52:11.590 --> 00:52:22.890
So I'm able to see all the copied traffic from the selected ports that's super helpful for troubleshooting or even the security monitoring.

00:52:24.770 --> 00:52:25.970
And what is the downside?

00:52:27.770 --> 00:52:36.610
Actually this, even though this is a better way, but span switch will also be loaded with other traffic.

00:52:37.610 --> 00:52:41.450
So this is something that we need to take into consideration.

00:52:41.970 --> 00:52:52.570
So this is so-called, we always call it over-provisioning because we are given more to the span port that span port is able to handle.

00:52:53.110 --> 00:52:55.350
So what are the consequences?

00:52:56.050 --> 00:53:04.490
It might make the span port to get too busy and keep up with the total traffic stream.

00:53:04.490 --> 00:53:15.370
So it will cause some of the packets might get lost and maybe will cause some of the packets need to be retransmitted.

00:53:15.730 --> 00:53:20.690
So this is more problem will be capturing.

00:53:22.350 --> 00:53:34.230
So another best way is to buy a tap, but this is the best way, but it is not free of charge.

00:53:34.410 --> 00:53:38.390
It's the most expensive option because the taps are free.

00:53:38.470 --> 00:53:48.190
It's a physical device to install in here to break the connection somewhere along the way that allows you to just

00:53:48.190 --> 00:53:54.670
like into the feed that send it over to a laptop or server that's running the wire shock.

00:53:55.610 --> 00:54:04.570
So I won't say which method is the best or worst because it depends on the requirement.

00:54:06.390 --> 00:54:16.210
I can even install a tap in the virtual tap in the cloud or server, or I can install the wire shock in the server.

00:54:16.210 --> 00:54:20.630
Let's say here from this example, I have three servers, one, two, three.

00:54:20.790 --> 00:54:28.310
If I'm going to install wire shock in each server, that means I have three wire shock in different servers

00:54:28.310 --> 00:54:38.390
and I can always like capturing all the clients, like a few thousand clients, traffic to this client and this server A

00:54:38.390 --> 00:54:45.070
and what is the downside? It will cause the server A overloaded as well.

00:54:45.070 --> 00:54:50.270
So honestly, tap is the best solution, but it's charged.

00:54:51.490 --> 00:54:58.430
So span port is the second option, but it's also overloaded span, so it depends on the configuration.

00:54:59.030 --> 00:55:03.490
And one is the quick and easiest way is to install into endpoint.

00:55:05.270 --> 00:55:14.290
If your endpoint machine is not like using the obsolete or not maintaining OS platform,

00:55:15.490 --> 00:55:19.670
the resource, the hardware spec is still quite good enough.

00:55:20.030 --> 00:55:22.210
So that's something you have to consider.

00:55:22.850 --> 00:55:26.710
OK, all right, so let's go to the next.

00:55:26.710 --> 00:55:32.010
I won't, OK, I won't go into deep in the network traffic,

00:55:32.830 --> 00:55:39.150
but just give you some information on normally where the wire shock installed in.

00:55:42.110 --> 00:55:49.290
All right, first package, we already captured the first packet, right?

00:55:49.450 --> 00:55:55.410
And what is the best practice? What is the best practice or guidelines that normally you use?

00:55:56.410 --> 00:56:06.470
OK, before I review the next slide, maybe show me some idea, some idea.

00:56:07.550 --> 00:56:11.170
What is your guideline on capturing a packet?

00:56:12.890 --> 00:56:19.350
Or what is your best practice like, hey, please be highlighted and be noted.

00:56:19.350 --> 00:56:25.010
Normally when capturing a packet, you have to do this, you have to be aware of this,

00:56:25.110 --> 00:56:29.010
and different notes you have to be aware of.

00:56:29.390 --> 00:56:34.770
So share with me what is your guidelines that you are normally following with.

00:56:37.730 --> 00:56:39.710
Any best practice you're going to.

00:56:41.470 --> 00:56:44.850
OK, how about turning maybe you have some.

00:56:45.930 --> 00:56:53.890
OK, so normally the client side are actually not the I mean, not having a heavy traffic, right?

00:56:53.970 --> 00:56:55.010
Just a small packet.

00:56:55.090 --> 00:57:02.750
Normally how many packets that you are normally analyzing in a PCAP entry file.

00:57:03.290 --> 00:57:05.370
Maybe let me know the packet size.

00:57:05.470 --> 00:57:09.850
Then I have I will have an idea about 100 or more than about 100.

00:57:10.130 --> 00:57:16.210
OK, so it's not that huge, but not that complicated environment.

00:57:17.090 --> 00:57:21.030
OK, so let me go into the next slide and you will know.

00:57:21.450 --> 00:57:23.290
OK, let me back into the slide.

00:57:23.290 --> 00:57:25.210
OK, here.

00:57:28.690 --> 00:57:41.030
I'm using the word capture filter at start, but I don't I'm not going to explain what is a capture filter in deeper right now.

00:57:42.370 --> 00:57:50.810
Maybe just a very high level explanation for this capture filter is one of the filtering before you capture your traffic.

00:57:50.810 --> 00:58:01.130
And we can try to narrow down and specify which port, what IP range or what is a protocol you are going to capture.

00:58:01.530 --> 00:58:08.530
So it will limit the packet size for your PCAP entry file.

00:58:09.350 --> 00:58:13.170
So why I said don't use a capture filter at start.

00:58:13.350 --> 00:58:15.810
Do you know why I'm not recommended this?

00:58:15.810 --> 00:58:23.090
Any any ideas why I'm not recommended to use capture filter at the first beginning?

00:58:24.290 --> 00:58:26.530
OK, how about Dunin?

00:58:26.670 --> 00:58:28.910
What is the understanding about capture filter?

00:58:29.070 --> 00:58:32.970
Why I don't recommend to use it in the first start?

00:58:34.710 --> 00:58:36.070
OK, all right.

00:58:36.210 --> 00:58:39.150
OK, let me explain it to you.

00:58:39.150 --> 00:58:44.570
OK, let me cross it here.

00:58:45.550 --> 00:58:47.430
So let me start capturing.

00:58:48.470 --> 00:58:54.010
OK, so when I start capturing, you can see the packet size is keep increasing.

00:58:54.890 --> 00:58:57.610
Now, 10 seconds, 11, 12.

00:58:58.070 --> 00:59:00.110
So you're already up to 6000.

00:59:00.230 --> 00:59:01.590
So let me stop it.

00:59:02.050 --> 00:59:04.310
OK, so let's say.

00:59:05.550 --> 00:59:07.250
I'm opening capture filter.

00:59:07.250 --> 00:59:09.810
So this is the default filtering.

00:59:09.970 --> 00:59:12.170
I'm not modifying yet.

00:59:12.670 --> 00:59:19.350
You can see it will capture best on the filtering rules here.

00:59:20.370 --> 00:59:29.930
OK, so I'm not limited with 443 or I'm not limited at port 0 only.

00:59:30.550 --> 00:59:35.250
I'm capturing with all the traffic by default.

00:59:35.650 --> 00:59:37.470
So I can see UDP.

00:59:37.590 --> 00:59:42.050
I can see TRS and I can see what?

00:59:42.870 --> 00:59:43.610
Let me see.

00:59:44.950 --> 00:59:48.390
No, maybe I'm not triggering something.

00:59:53.450 --> 00:59:57.450
OK, so I have different protocol.

00:59:58.510 --> 01:00:00.530
OK, so I can.

01:00:00.530 --> 01:00:03.590
Let me see.

01:00:04.950 --> 01:00:17.270
So let's say, OK, let's say from here, I'm capturing 6,680 packets.

01:00:18.250 --> 01:00:26.450
And then I'm filtering TCP.fragstats and knowledge equal to 2 or 1.

01:00:26.590 --> 01:00:27.530
OK, let's say 1.

01:00:27.530 --> 01:00:31.630
So my display packet is reduced 3000.

01:00:31.990 --> 01:00:34.470
So I only have 3046.

01:00:35.030 --> 01:00:38.530
It's not more than 50%.

01:00:39.270 --> 01:00:44.630
So I'm only able to see 3000 means it reduces the size of the packets.

01:00:45.090 --> 01:00:47.950
So it's easier and quick for me to analyze.

01:00:48.190 --> 01:00:50.530
But this is the display filter.

01:00:51.150 --> 01:00:52.950
This is not the capture filter.

01:00:52.950 --> 01:01:03.750
So if I remove it, I can see 6,680 packets are displaying here.

01:01:04.190 --> 01:01:06.510
It's a whole lot of packets, right?

01:01:06.950 --> 01:01:09.810
So I want to limit the size.

01:01:10.030 --> 01:01:12.630
I put in some capture filters in here.

01:01:13.310 --> 01:01:18.550
But let's say if I put the wrong filtering, if I put the wrong one,

01:01:18.550 --> 01:01:21.430
I specify it to somewhere.

01:01:22.850 --> 01:01:25.310
And then I'm not able to see UDP.

01:01:25.570 --> 01:01:28.950
I'm not able to see TRS or even the HTTP.

01:01:29.410 --> 01:01:35.430
For example, let's say I might miss out some important packets.

01:01:35.850 --> 01:01:37.650
I might not able to.

01:01:37.690 --> 01:01:42.590
OK, for example, I just want to look for a certain IP address,

01:01:43.030 --> 01:01:45.490
certain port number or certain application.

01:01:46.770 --> 01:01:51.230
And I'm taking a guess as to what we think the problem is.

01:01:51.250 --> 01:02:00.710
I guess, oh, maybe 20 seconds is the one in the pre-lab slow network PCAP file.

01:02:00.870 --> 01:02:05.290
It takes 20 seconds because the packet size is too huge.

01:02:05.610 --> 01:02:09.110
And it's split into two packets.

01:02:09.310 --> 01:02:14.870
And the client takes 20 seconds to respond to the server.

01:02:14.870 --> 01:02:21.170
So I guess, OK, if the network connection is not stable, there's a latency issue.

01:02:21.510 --> 01:02:26.010
So I try to narrow down the capture filter to what I assume.

01:02:27.530 --> 01:02:30.790
OK, for example, I'm having a problem with web pass application.

01:02:31.330 --> 01:02:33.150
OK, just show me only HTTP.

01:02:35.150 --> 01:02:37.890
But what if I'm using HTTPS?

01:02:38.810 --> 01:02:40.410
OK, that's the way.

01:02:42.330 --> 01:02:46.470
OK, let's say, OK.

01:02:47.050 --> 01:02:52.010
So for example, I am OK.

01:02:52.390 --> 01:02:57.510
I'm using HTTP never SSL.com as a sink here.

01:02:57.850 --> 01:03:00.910
OK, let me stop it.

01:03:02.430 --> 01:03:04.870
And OK, capture again.

01:03:05.430 --> 01:03:06.790
Stop it.

01:03:08.190 --> 01:03:12.910
I'm still seeing the protocol with TRS.

01:03:13.450 --> 01:03:16.290
I'm able to see HTTP or not? No.

01:03:16.650 --> 01:03:22.030
So this is something that is not matched with what we expect.

01:03:23.130 --> 01:03:27.770
So we will miss out a lot of packets that are important.

01:03:28.250 --> 01:03:36.110
If the traffic being dropped by the network, let's say, because the packet size is too huge.

01:03:36.110 --> 01:03:43.650
And the client getting ICMP message back from the switches and routers telling me of a problem of the network.

01:03:44.330 --> 01:03:48.710
Well, but I'm able to capture the packet only for HTTP.

01:03:49.110 --> 01:03:53.070
So am I able to see those packets in the capture file? No.

01:03:53.670 --> 01:04:00.190
Right. So because I already made an assumption on what I thought on the application was.

01:04:00.190 --> 01:04:04.170
But in fact, it was a different port or it was a different conversation.

01:04:04.230 --> 01:04:10.470
Use different protocols in both different protocols like ICMP, HTTP, TRS, whatever.

01:04:11.010 --> 01:04:11.710
So on and so forth.

01:04:12.210 --> 01:04:18.490
So as a best practice, I don't want to use a packet captures or capture filters at the very beginning of our dress.

01:04:18.870 --> 01:04:28.110
Unless you are very, very confident on what are the port application IP that you are going to capture.

01:04:28.110 --> 01:04:38.110
OK. For example, in the server side, I only want to capture the packets from this machine.

01:04:38.270 --> 01:04:42.590
I mean, my machine with the IP address one zero two.

01:04:42.950 --> 01:04:52.870
So I can I can just put a filter that fix the limit, the packets from the IP address.

01:04:53.090 --> 01:04:55.430
But if not, please don't do it.

01:04:55.430 --> 01:05:03.430
OK. OK, so second one capture on client end.

01:05:04.250 --> 01:05:10.690
OK. Why when we begin capture, we want to start by capturing on the client side.

01:05:11.230 --> 01:05:12.950
That's why I said that a lot of downside, right?

01:05:13.050 --> 01:05:23.190
If your client and points is already overloaded, you will the wire shock capturing traffic will add the load to the client.

01:05:23.190 --> 01:05:28.490
But then why now I'm saying, OK, we begin capture on the client side.

01:05:29.010 --> 01:05:35.390
OK. Maybe you can guess why I'm.

01:05:35.570 --> 01:05:41.130
I'm saying this. Any ideas trying to no brainstorm.

01:05:41.490 --> 01:05:45.130
OK. Let me OK.

01:05:45.290 --> 01:05:50.490
Go ahead. Yeah. Yeah. Yeah.

01:05:50.490 --> 01:05:54.490
OK. Yeah. You get the right answer.

01:05:55.430 --> 01:06:01.130
So I give one example. OK, let's say let me think.

01:06:02.630 --> 01:06:10.290
OK. So one of the reason why we want to start this start on the client side is because, look,

01:06:10.830 --> 01:06:16.250
these things can get very large packet captures can get huge.

01:06:16.250 --> 01:06:21.050
Right. So we want to have things be as simple as possible.

01:06:21.050 --> 01:06:30.770
So if you are beginning to troubleshoot an issue, you can just go ahead, go to the client, particular client that you know.

01:06:31.610 --> 01:06:38.630
Who is encountered a problem, which end point are having that issue and have them shut down everything.

01:06:38.630 --> 01:06:51.150
For example, you can try to their own issue by cross out the mail, cross out the browsers, cross out that streaming audio or that podcast that they are listening to.

01:06:51.930 --> 01:06:59.350
Or you want to add more static or more background noise to important packets that you are going to looking for.

01:07:00.150 --> 01:07:06.570
OK. So look, this is already hard enough because you want to make it less hard on yourself.

01:07:06.570 --> 01:07:10.610
Right. So we can start on the client side.

01:07:11.870 --> 01:07:18.050
So once you start on the client side, you can get a good picture of what system does the client communicate with.

01:07:18.790 --> 01:07:26.570
So, for example, OK, let's just talk to DNS space or does it go and talk to an authentication server?

01:07:26.570 --> 01:07:31.730
For example, just now I show you the network tab. We do have the active section.

01:07:32.210 --> 01:07:39.290
If that is using HBS protocol, it will have authentication token.

01:07:40.910 --> 01:07:45.050
Is the client using a valid token to communicate with the server?

01:07:46.750 --> 01:07:52.110
Or does it go to the cloud or does it go to our local data center?

01:07:52.110 --> 01:07:59.610
So we are able to determine that by starting out looking at the client to see what the system actually communicate with.

01:08:01.130 --> 01:08:07.630
So that's why I strongly recommend to use a ring buffer for long term capture.

01:08:08.270 --> 01:08:10.810
So this is one of the best practice.

01:08:10.810 --> 01:08:15.770
OK. Do you still remember what is the ring buffer is?

01:08:15.990 --> 01:08:22.170
OK. Maybe share with me on what you understand about ring buffer.

01:08:24.390 --> 01:08:38.070
A ring buffer actually just imagine is a repeated storing mechanism applying to the rules here that you configure with.

01:08:38.070 --> 01:08:45.070
And you will override the file started with the number one numbering.

01:08:45.630 --> 01:08:50.530
Yeah, up to no. This process that I already fixed.

01:08:51.090 --> 01:08:54.770
So you won't fill up the system drive.

01:08:55.170 --> 01:08:59.070
You won't make your client platform crash.

01:09:00.650 --> 01:09:06.390
OK. It won't make the file size become huge until it's very hard for you to troubleshoot on.

01:09:06.390 --> 01:09:07.810
OK. Get it.

01:09:09.310 --> 01:09:13.010
All right. So come back to here.

01:09:14.950 --> 01:09:15.350
So OK.

01:09:16.910 --> 01:09:20.670
So I highlighted for long term capture.

01:09:21.170 --> 01:09:25.610
But if this is a quick capture, don't need to use ring buffer is fine.

01:09:25.970 --> 01:09:33.390
But if the long term capture for monitoring in specific problem that is not always reproducible,

01:09:33.390 --> 01:09:40.810
very tricky problem that only happen in specific environment or network or resource.

01:09:41.470 --> 01:09:42.910
So just use ring buffer.

01:09:44.110 --> 01:09:53.990
OK. Because of you don't have a clear picture on exactly when the problem occurs and what time.

01:09:55.810 --> 01:10:03.770
Yeah. And then we are not able to reproduce on our environment or our team members environment.

01:10:04.330 --> 01:10:11.750
So make use of the long term capture that I show you just now that is ring buffer to collect traffic over time.

01:10:13.110 --> 01:10:19.230
So doing so, you can collect smaller files instead of one huge file that we have to dig through later.

01:10:20.230 --> 01:10:22.650
OK. All right. Next.

01:10:24.270 --> 01:10:27.230
Make sure the problem happens while capturing.

01:10:28.470 --> 01:10:34.150
OK. What is that means? Maybe any one of you can try.

01:10:34.970 --> 01:10:40.970
Make sure when you're capturing the problem is happening. Is it possible in the real case?

01:10:44.170 --> 01:10:48.130
OK. OK. So I think this practice.

01:10:51.430 --> 01:10:57.970
OK. For example, I give you one real case, one use case, one use case.

01:10:58.450 --> 01:11:04.310
The client sent me 10 log files, 10 picket files.

01:11:04.310 --> 01:11:14.770
OK, 10. So for me, while we stand, I need to know open up all the files and analyze one by one.

01:11:16.770 --> 01:11:21.310
But do you believe that all the files having the specific problems?

01:11:23.250 --> 01:11:25.950
Don't write. I won't. I don't think so.

01:11:26.510 --> 01:11:30.190
It might happen in specific packet file. Right.

01:11:30.190 --> 01:11:36.230
So OK. And then the remember the methodologies.

01:11:36.830 --> 01:11:39.570
I will try to reproduce on my end.

01:11:40.010 --> 01:11:44.290
So I found some clues. I will try to reproduce.

01:11:44.890 --> 01:11:49.010
So that is the practice that tell me make sure the problem happens while capturing.

01:11:49.710 --> 01:11:57.290
I will start to capture while I'm reporting reproduced that particular reproduced steps that provided by my client.

01:11:57.290 --> 01:12:01.290
For example, when I click login button, it felt OK.

01:12:01.970 --> 01:12:05.190
When I click, then before I click, I try to capture.

01:12:06.330 --> 01:12:09.930
After I click, OK, maybe wait for a few seconds. I try to stop.

01:12:10.290 --> 01:12:14.730
So that is the idea on make sure the problem happens while capturing.

01:12:16.910 --> 01:12:20.590
OK, so this is something wrong with those big gaps.

01:12:21.530 --> 01:12:30.210
If you're capturing from beginning when you open the browser and type in the URL and then until you log out.

01:12:30.850 --> 01:12:35.810
So actually that particular problem only occur in a particular step.

01:12:36.250 --> 01:12:41.570
So all the problem never actually occur when we are watching because you never hit the login button.

01:12:41.570 --> 01:12:51.450
Maybe you just access to the browser website and then go to check your amount and doing some other transaction.

01:12:52.210 --> 01:12:57.030
But actually you are not performing that step with the problem.

01:12:58.370 --> 01:13:06.870
So make sure that you already confidently capture the problem, not just in the time, but in the place where you are physically capturing from.

01:13:06.870 --> 01:13:13.530
OK, so in last, the tab that I mentioned is expensive.

01:13:14.250 --> 01:13:21.470
It's not free of charge, but it's something that if your environment is too complicated,

01:13:22.030 --> 01:13:29.490
maybe it's a good idea to recommend to your company to invest in the network tab.

01:13:29.490 --> 01:13:40.430
Maybe it's not super expensive, but any protocol analyst is going to want to have one of these in their backpack.

01:13:41.190 --> 01:13:46.150
Even just 100 megabit per second or gigabyte copper on one tab.

01:13:46.470 --> 01:13:51.330
But that's something we can ever find on Amazon if we have to.

01:13:52.330 --> 01:13:57.290
So maybe in the next level or maybe in future,

01:13:57.370 --> 01:14:03.770
you have more complicated environment or more problems that encounter in the client side.

01:14:04.030 --> 01:14:08.030
Maybe that's another thing that you are going to considering.

01:14:09.770 --> 01:14:14.350
All right, I think let me double check.

01:14:15.390 --> 01:14:25.350
OK, so before we end the lesson 1, I'm going to share a link to you.

01:14:26.290 --> 01:14:28.570
Let me open next slide.

01:14:28.730 --> 01:14:39.050
OK, I have prepared a quiz that helps you to recall some of the lessons.

01:14:40.050 --> 01:14:43.050
We only have lesson 1 and basic network chart,

01:14:43.050 --> 01:14:50.950
but I think it helps you to recall some of the memories and basic knowledge that we learned just now.

01:14:51.430 --> 01:14:58.150
I'm trying to use different quiz macros, but then I found that Google for me is the best one to use.

01:14:58.710 --> 01:15:01.370
So just a few quiz questions.

01:15:01.650 --> 01:15:05.030
When you try to answer it, there are multiple options.

01:15:05.030 --> 01:15:07.070
You can select our answer and click next.

01:15:07.190 --> 01:15:10.630
Think about it properly, don't make it very fast.

01:15:10.850 --> 01:15:14.210
Just read one by one, select the option, click next.

01:15:14.550 --> 01:15:19.810
And then until the end, when you completed and submit, you can view your score.

01:15:20.490 --> 01:15:25.890
You can view your score and you can view the correct answer with the explanation.

01:15:27.610 --> 01:15:29.390
Just for your fun.

01:15:29.390 --> 01:15:34.030
OK, I'm going to share the link to you in the chat.

01:15:36.250 --> 01:15:37.530
Copy link.

01:15:40.210 --> 01:15:45.690
OK, I send the link in the chat.

01:15:46.230 --> 01:15:49.350
Can you try to open it in your desktop?

01:15:49.430 --> 01:15:55.530
I want to ensure that you are able to access it and see the question, but please don't start.

01:16:00.950 --> 01:16:03.670
I will connect the link in the desktop.

01:16:04.530 --> 01:16:05.810
Let me refresh.

01:16:09.550 --> 01:16:12.650
OK, I'm opening in my machine as well.

01:16:12.770 --> 01:16:14.750
Don't know it's a bit like it.

01:16:24.430 --> 01:16:27.950
Yes, I'm sharing the link.

01:16:32.910 --> 01:16:34.930
OK, OK, all right.

01:16:35.570 --> 01:16:41.910
OK, so as per Alex, so you can use our laptop for the quiz.

01:16:41.910 --> 01:16:43.670
It's just a Google phone.

01:16:46.270 --> 01:16:51.910
OK, so OK, don't don't don't look on the question first, please.

01:16:52.530 --> 01:16:54.170
So let me minimize it.

01:16:54.290 --> 01:16:57.590
So I think now is eleven fifty.

01:16:58.070 --> 01:17:04.610
So we take ten minutes for the quiz answering and then we come back.

01:17:05.410 --> 01:17:08.890
So we are going to have a lunch break after the quiz.

01:17:09.070 --> 01:17:09.910
Is that OK?

01:17:09.910 --> 01:17:12.430
So maybe we can discuss after the lunch.

01:17:13.650 --> 01:17:16.150
So I'm not sure.

01:17:16.490 --> 01:17:19.830
Alex, normally how long for the lunch break time?

01:17:20.050 --> 01:17:22.070
Is it flexible for us to decide?

01:17:26.730 --> 01:17:33.850
OK, OK, so I think we can after the quiz, we can go directly for your lunch.

01:17:34.250 --> 01:17:38.330
All right, so we will meet up at one p.m.

01:17:38.330 --> 01:17:40.050
All right, OK.

01:17:41.410 --> 01:17:41.830
All right.

01:17:41.950 --> 01:17:43.490
See you later after lunch.

01:17:44.310 --> 01:17:45.090
Thank you.

01:18:36.990 --> 01:18:38.070
Thank you.

01:18:57.010 --> 01:18:57.070
Thank you.

01:19:25.030 --> 01:19:25.690
Thank you.

01:19:56.930 --> 01:19:56.990
Thank you.

01:20:36.390 --> 01:20:38.070
Thank you.

01:20:55.930 --> 01:20:58.290
Thank you.

01:21:37.030 --> 01:21:38.050
Thank you.

01:21:46.870 --> 01:21:47.710
Thank you.

01:21:47.710 --> 01:21:48.090
Thank you.

01:21:48.110 --> 01:21:52.090
Thank you.

01:22:05.950 --> 01:22:07.230
Thank you.

01:22:07.230 --> 01:22:08.330
Thank you.

01:22:08.330 --> 01:22:11.270
Oh, I'm so sorry.

01:22:19.450 --> 01:22:22.110
Oh, I'm so sorry.

01:22:22.290 --> 01:22:22.750
Oh.

01:22:39.530 --> 01:22:42.330
Thank you.

01:22:42.410 --> 01:22:46.330
Thank you.

01:22:46.330 --> 01:22:48.330
Thank you.

01:23:52.350 --> 01:23:53.750
Thank you.

01:24:29.370 --> 01:24:30.770
Thank you.

01:24:47.170 --> 01:24:49.170
Thank you.

01:25:29.770 --> 01:25:31.170
Thank you.

01:26:00.250 --> 01:26:01.650
Thank you.

01:26:19.610 --> 01:26:21.010
Thank you.

01:27:20.210 --> 01:27:21.610
.

01:27:21.610 --> 01:27:21.630
.

01:27:37.250 --> 01:27:38.650
.

01:27:38.650 --> 01:27:38.670
.

01:27:43.230 --> 01:27:43.670
.

01:27:58.870 --> 01:28:00.270
.

01:28:00.270 --> 01:28:00.290
.

01:28:04.330 --> 01:28:05.730
.

01:28:05.730 --> 01:28:05.890
.

01:28:20.850 --> 01:28:22.250
.

01:28:22.250 --> 01:28:22.270
.

01:28:25.530 --> 01:28:26.930
.

01:28:40.630 --> 01:28:42.030
.

01:28:49.050 --> 01:28:50.450
.

01:29:16.070 --> 01:29:17.470
.

01:29:17.470 --> 01:29:17.610
.

01:29:29.490 --> 01:29:30.890
.

01:29:34.150 --> 01:29:35.550
.

01:29:51.310 --> 01:29:52.710
.

01:29:52.710 --> 01:29:52.730
.

01:29:56.810 --> 01:29:58.210
.

01:30:09.570 --> 01:30:10.970
.

01:30:14.230 --> 01:30:15.630
.

01:30:28.010 --> 01:30:29.410
.

01:30:34.150 --> 01:30:34.410
.

01:30:57.390 --> 01:30:58.790
.

01:30:58.790 --> 01:30:59.190
.

01:30:59.190 --> 01:30:59.270
.

01:31:02.530 --> 01:31:03.930
.

01:31:03.930 --> 01:31:04.170
.

01:31:17.390 --> 01:31:18.790
.

01:31:20.350 --> 01:31:21.750
.

01:31:29.090 --> 01:31:30.490
.

01:31:33.250 --> 01:31:34.650
.

01:31:45.070 --> 01:31:45.490
.

01:31:50.210 --> 01:31:51.610
.

01:32:03.750 --> 01:32:05.150
.

01:32:10.310 --> 01:32:10.590
.

01:32:10.590 --> 01:32:10.730
.

01:32:27.170 --> 01:32:27.450
.

01:32:27.450 --> 01:32:27.470
.

01:32:27.470 --> 01:32:27.490
.

01:32:31.310 --> 01:32:32.710
.

01:32:32.710 --> 01:32:32.730
.

01:32:37.190 --> 01:32:38.590
.

01:32:39.990 --> 01:32:41.390
.

01:32:55.890 --> 01:32:57.290
.

01:32:57.290 --> 01:32:59.430
.

01:33:11.610 --> 01:33:12.290
.

01:33:16.590 --> 01:33:17.990
.

01:33:17.990 --> 01:33:18.890
.

01:33:23.090 --> 01:33:24.490
.

01:33:26.370 --> 01:33:27.770
.

01:33:31.470 --> 01:33:32.870
.

01:33:32.870 --> 01:33:32.970
.

01:33:35.790 --> 01:33:37.190
.

01:33:52.570 --> 01:33:53.970
.

01:33:53.970 --> 01:33:53.990
.

01:33:53.990 --> 01:33:54.010
.

01:33:57.570 --> 01:33:58.970
.

01:34:13.590 --> 01:34:14.990
.

01:34:14.990 --> 01:34:17.070
.

01:34:17.070 --> 01:34:17.090
.

01:34:28.930 --> 01:34:30.330
.

01:34:33.050 --> 01:34:34.450
.

01:34:43.690 --> 01:34:45.090
.

01:34:49.550 --> 01:34:50.090
.

01:35:03.430 --> 01:35:04.830
.

01:35:04.830 --> 01:35:04.910
.

01:35:08.150 --> 01:35:09.550
.

01:35:23.270 --> 01:35:24.670
.

01:35:28.250 --> 01:35:29.650
.

01:35:34.810 --> 01:35:36.210
.

01:35:36.210 --> 01:35:36.350
.

01:35:36.350 --> 01:35:39.050
.

01:35:54.690 --> 01:35:56.090
.

01:35:59.750 --> 01:36:01.150
.

01:36:16.230 --> 01:36:17.630
.

01:36:17.630 --> 01:36:17.650
.

01:36:23.730 --> 01:36:25.130
.

01:36:32.990 --> 01:36:34.390
.

01:36:35.970 --> 01:36:37.370
.

01:36:37.370 --> 01:36:39.050
.

01:36:39.050 --> 01:36:40.550
.

01:36:54.410 --> 01:36:55.810
.

01:36:59.050 --> 01:37:00.450
.

01:37:13.370 --> 01:37:14.770
.

01:37:18.510 --> 01:37:19.910
.

01:37:33.130 --> 01:37:34.530
.

01:38:03.230 --> 01:38:03.910
.

01:38:03.910 --> 01:38:04.050
.

01:38:04.050 --> 01:38:04.390
.

01:38:07.670 --> 01:38:09.070
.

01:38:14.390 --> 01:38:14.690
.

01:38:14.690 --> 01:38:16.610
.

01:38:16.610 --> 01:38:16.830
.

01:38:28.010 --> 01:38:29.410
.

01:38:33.130 --> 01:38:34.530
.

01:38:46.690 --> 01:38:48.090
.

01:38:48.090 --> 01:38:50.030
.

01:38:57.930 --> 01:38:59.330
.

01:38:59.330 --> 01:38:59.490
.

01:38:59.490 --> 01:39:01.210
.

01:39:06.650 --> 01:39:08.050
.

01:39:08.050 --> 01:39:10.750
.

01:39:18.510 --> 01:39:19.910
.

01:39:23.950 --> 01:39:25.350
.

01:39:25.350 --> 01:39:25.530
.

01:39:47.770 --> 01:39:49.170
.

01:39:49.170 --> 01:39:49.190
.

01:39:51.770 --> 01:39:53.170
.

01:39:58.850 --> 01:40:00.250
.

01:40:28.230 --> 01:40:29.630
.

01:40:29.630 --> 01:40:29.770
.

01:40:33.050 --> 01:40:34.450
.

01:40:49.930 --> 01:40:51.330
.

01:40:51.330 --> 01:40:51.350
.

01:40:51.350 --> 01:40:51.370
.

01:40:55.390 --> 01:40:56.790
.

01:40:56.790 --> 01:40:56.950
.

01:41:09.710 --> 01:41:11.110
.

01:41:11.110 --> 01:41:11.190
.

01:41:40.470 --> 01:41:40.710
.

01:41:40.710 --> 01:41:40.950
.

01:41:40.950 --> 01:41:41.070
.

01:41:41.070 --> 01:41:41.090
.

01:41:41.090 --> 01:41:41.170
.

01:41:44.390 --> 01:41:45.790
.

01:41:55.610 --> 01:41:56.170
.

01:41:57.010 --> 01:41:57.030
.

01:41:57.030 --> 01:41:57.050
.

01:41:59.450 --> 01:42:00.850
.

01:42:15.370 --> 01:42:16.770
.

01:42:16.770 --> 01:42:16.790
.

01:42:16.790 --> 01:42:16.810
.

01:42:19.570 --> 01:42:20.970
.

01:42:30.130 --> 01:42:31.530
.

01:42:36.750 --> 01:42:38.150
.

01:43:00.070 --> 01:43:01.470
.

01:43:01.470 --> 01:43:01.490
.

01:43:01.490 --> 01:43:01.510
.

01:43:06.850 --> 01:43:07.010
.

01:43:07.010 --> 01:43:07.090
.

01:43:22.830 --> 01:43:22.990
.

01:43:22.990 --> 01:43:23.010
.

01:43:23.010 --> 01:43:23.030
.

01:43:27.370 --> 01:43:28.030
.

01:43:35.230 --> 01:43:36.630
.

01:43:41.730 --> 01:43:42.050
.

01:43:42.050 --> 01:43:42.210
.

01:43:57.850 --> 01:43:58.170
.

01:43:58.170 --> 01:43:58.190
.

01:43:58.190 --> 01:43:58.210
.

01:44:01.950 --> 01:44:03.350
.

01:44:08.290 --> 01:44:09.690
.

01:44:12.930 --> 01:44:14.330
.

01:44:30.610 --> 01:44:32.010
.

01:44:32.010 --> 01:44:32.030
.

01:44:37.270 --> 01:44:38.670
.

01:44:41.730 --> 01:44:43.130
.

01:44:47.510 --> 01:44:48.130
.

01:45:01.470 --> 01:45:02.870
.

01:45:02.870 --> 01:45:02.990
.

01:45:06.950 --> 01:45:08.350
.

01:45:23.210 --> 01:45:24.610
.

01:45:24.610 --> 01:45:24.630
.

01:45:24.630 --> 01:45:24.650
.

01:45:28.690 --> 01:45:30.090
.

01:45:30.090 --> 01:45:30.290
.

01:45:34.990 --> 01:45:36.390
.

01:45:40.310 --> 01:45:41.710
.

01:45:53.970 --> 01:45:55.370
.

01:45:55.370 --> 01:45:55.390
.

01:45:55.390 --> 01:45:55.410
.

01:45:58.690 --> 01:46:00.090
.

01:46:15.150 --> 01:46:16.550
.

01:46:16.550 --> 01:46:19.210
.

01:46:26.550 --> 01:46:27.210
.

01:46:31.210 --> 01:46:32.610
.

01:46:32.610 --> 01:46:33.190
.

01:46:44.090 --> 01:46:45.490
.

01:46:49.070 --> 01:46:50.470
.

01:47:03.090 --> 01:47:04.490
.

01:47:04.490 --> 01:47:04.510
.

01:47:04.510 --> 01:47:04.530
.

01:47:08.570 --> 01:47:09.970
.

01:47:09.970 --> 01:47:10.110
.

01:47:24.450 --> 01:47:25.850
.

01:47:29.110 --> 01:47:30.510
.

01:47:44.190 --> 01:47:45.590
.

01:47:45.590 --> 01:47:45.610
.

01:47:45.610 --> 01:47:45.630
.

01:47:49.590 --> 01:47:50.990
.

01:47:55.810 --> 01:47:57.210
.

01:48:00.770 --> 01:48:02.170
.

01:48:16.310 --> 01:48:17.710
.

01:48:17.710 --> 01:48:19.850
.

01:48:31.590 --> 01:48:32.990
.

01:48:36.950 --> 01:48:38.350
.

01:49:00.930 --> 01:49:02.330
.

01:49:02.330 --> 01:49:02.350
.

01:49:02.350 --> 01:49:02.970
.

01:49:06.190 --> 01:49:07.590
.

01:49:20.650 --> 01:49:22.050
.

01:49:22.050 --> 01:49:22.070
.

01:49:22.070 --> 01:49:22.090
.

01:49:25.370 --> 01:49:26.770
.

01:49:40.410 --> 01:49:41.810
.

01:49:41.810 --> 01:49:41.870
.

01:49:45.150 --> 01:49:46.550
.

01:49:46.550 --> 01:49:47.630
.

01:50:01.510 --> 01:50:02.910
.

01:50:02.910 --> 01:50:02.930
.

01:50:02.930 --> 01:50:02.950
.

01:50:06.230 --> 01:50:07.630
.

01:50:19.990 --> 01:50:21.390
.

01:50:21.390 --> 01:50:21.410
.

01:50:25.410 --> 01:50:26.810
.

01:50:26.810 --> 01:50:26.990
.

01:50:39.010 --> 01:50:40.410
.

01:50:43.690 --> 01:50:45.090
.

01:50:57.550 --> 01:50:58.950
.

01:50:58.950 --> 01:50:58.970
.

01:50:58.970 --> 01:50:58.990
.

01:51:04.110 --> 01:51:04.430
.

01:51:04.430 --> 01:51:04.590
.

01:51:17.690 --> 01:51:18.010
.

01:51:18.010 --> 01:51:18.030
.

01:51:18.030 --> 01:51:18.050
.

01:51:45.770 --> 01:51:47.170
.

01:51:47.170 --> 01:51:47.390
.

01:51:47.390 --> 01:51:47.530
.

01:51:58.870 --> 01:52:00.270
.

01:52:00.270 --> 01:52:00.990
.

01:52:00.990 --> 01:52:01.130
.

01:52:17.590 --> 01:52:18.990
.

01:52:18.990 --> 01:52:19.570
.

01:52:19.570 --> 01:52:21.490
.

01:52:47.030 --> 01:52:48.430
.

01:52:48.430 --> 01:52:48.450
.

01:52:48.450 --> 01:52:50.350
.

01:53:08.150 --> 01:53:09.550
.

01:53:09.550 --> 01:53:09.570
.

01:53:17.030 --> 01:53:18.430
.

01:53:21.670 --> 01:53:23.070
.

01:53:38.130 --> 01:53:39.530
.

01:53:39.530 --> 01:53:39.550
.

01:53:39.550 --> 01:53:39.570
.

01:53:43.490 --> 01:53:44.890
.

01:53:57.970 --> 01:53:59.370
.

01:53:59.370 --> 01:53:59.430
.

01:54:02.690 --> 01:54:04.090
.

01:54:17.110 --> 01:54:18.510
.

01:54:18.510 --> 01:54:18.530
.

01:54:18.530 --> 01:54:18.550
.

01:54:21.810 --> 01:54:23.210
.

01:54:28.590 --> 01:54:29.990
.

01:54:33.650 --> 01:54:35.050
.

01:54:58.170 --> 01:54:59.570
.

01:55:29.470 --> 01:55:29.510
.

01:55:29.510 --> 01:55:29.530
.

01:55:29.530 --> 01:55:29.550
.

01:55:29.550 --> 01:55:30.390
.

01:55:30.390 --> 01:55:31.770
.

01:55:41.710 --> 01:55:43.110
.

01:55:43.110 --> 01:55:45.290
.

01:55:45.290 --> 01:55:45.310
.

01:55:53.110 --> 01:55:53.850
.

01:55:53.850 --> 01:55:55.370
.

01:55:55.370 --> 01:55:55.390
.

01:56:03.610 --> 01:56:05.010
.

01:56:05.010 --> 01:56:07.030
.

01:56:07.030 --> 01:56:07.050
.

01:56:08.770 --> 01:56:10.170
.

01:56:10.170 --> 01:56:10.570
.

01:56:10.570 --> 01:56:12.510
.

01:56:16.350 --> 01:56:17.750
.

01:56:17.750 --> 01:56:19.310
.

01:56:19.310 --> 01:56:20.010
.

01:56:45.930 --> 01:56:47.330
.

01:56:47.330 --> 01:56:49.090
.

01:56:59.910 --> 01:57:01.310
.

01:57:04.550 --> 01:57:05.950
.

01:57:29.450 --> 01:57:30.850
.

01:57:30.850 --> 01:57:31.030
.

01:57:31.030 --> 01:57:33.430
.

01:57:33.430 --> 01:57:34.570
.

01:57:36.450 --> 01:57:37.850
.

01:57:37.850 --> 01:57:38.630
.

01:57:41.890 --> 01:57:43.290
.

01:57:46.890 --> 01:57:48.290
.

01:57:48.290 --> 01:57:48.330
.

01:57:48.330 --> 01:57:48.430
.

01:57:52.130 --> 01:57:53.530
.

01:57:56.910 --> 01:57:58.310
.

01:57:58.310 --> 01:58:00.230
.

01:58:00.230 --> 01:58:00.390
.

01:58:08.310 --> 01:58:08.630
.

01:58:11.490 --> 01:58:12.890
.

01:58:18.630 --> 01:58:19.510
.

01:58:19.510 --> 01:58:19.530
.

01:58:23.450 --> 01:58:24.850
.

01:58:24.850 --> 01:58:25.270
.

01:58:29.550 --> 01:58:30.950
.

01:58:35.090 --> 01:58:35.950
.

01:58:49.050 --> 01:58:50.450
.

01:58:50.450 --> 01:58:50.470
.

01:58:50.470 --> 01:58:50.490
.

01:58:55.650 --> 01:58:55.930
.

01:58:55.930 --> 01:58:56.070
.

01:59:12.290 --> 01:59:12.570
.

01:59:12.570 --> 01:59:12.590
.

01:59:12.590 --> 01:59:12.610
.

01:59:15.890 --> 01:59:17.290
.

01:59:31.030 --> 01:59:32.430
.

01:59:32.430 --> 01:59:33.550
.

01:59:33.550 --> 01:59:34.530
.

01:59:49.650 --> 01:59:51.050
.

01:59:53.790 --> 01:59:55.190
.

02:00:04.790 --> 02:00:06.190
.

02:00:10.170 --> 02:00:11.570
.

02:00:11.570 --> 02:00:11.590
.

02:00:27.090 --> 02:00:28.490
.

02:00:28.490 --> 02:00:28.510
.

02:00:28.510 --> 02:00:28.530
.

02:00:28.530 --> 02:00:28.550
.

02:00:55.510 --> 02:00:56.070
.

02:00:56.070 --> 02:00:56.350
.

02:00:57.930 --> 02:00:58.490
.

02:01:24.890 --> 02:01:26.290
.

02:01:26.290 --> 02:01:28.330
.

02:01:28.330 --> 02:01:28.470
.

02:01:28.470 --> 02:01:29.910
.

02:01:44.450 --> 02:01:45.850
.

02:01:45.850 --> 02:01:45.870
.

02:01:45.870 --> 02:01:45.890
.

02:02:14.470 --> 02:02:15.870
.

02:02:15.870 --> 02:02:17.490
.

02:02:17.490 --> 02:02:17.530
.

02:02:25.870 --> 02:02:26.630
.

02:02:26.630 --> 02:02:27.110
.

02:02:27.110 --> 02:02:29.330
.

02:02:54.850 --> 02:02:56.250
.

02:02:56.250 --> 02:02:58.290
.

02:02:58.290 --> 02:02:58.310
.

02:03:03.030 --> 02:03:04.430
.

02:03:04.430 --> 02:03:06.170
.

02:03:06.170 --> 02:03:06.330
.

02:03:21.410 --> 02:03:22.810
.

02:03:22.810 --> 02:03:24.030
.

02:03:24.030 --> 02:03:24.230
.

02:03:32.430 --> 02:03:33.830
.

02:03:33.830 --> 02:03:35.830
.

02:03:35.830 --> 02:03:35.930
.

02:03:43.430 --> 02:03:44.830
.

02:03:48.110 --> 02:03:49.510
.

02:04:01.810 --> 02:04:03.210
.

02:04:03.210 --> 02:04:03.230
.

02:04:03.230 --> 02:04:03.250
.

02:04:06.530 --> 02:04:07.930
.

02:04:13.270 --> 02:04:14.670
.

02:04:18.010 --> 02:04:19.410
.

02:04:19.410 --> 02:04:19.890
.

02:04:24.290 --> 02:04:25.690
.

02:04:27.490 --> 02:04:27.930
.

02:04:27.930 --> 02:04:28.150
.

02:04:33.610 --> 02:04:34.050
.

02:04:34.050 --> 02:04:34.070
.

02:04:34.070 --> 02:04:34.090
.

02:04:34.090 --> 02:04:35.350
.

02:04:35.350 --> 02:04:35.490
.

02:04:43.730 --> 02:04:45.130
.

02:05:13.710 --> 02:05:15.110
.

02:05:15.110 --> 02:05:16.490
.

02:05:16.490 --> 02:05:16.510
.

02:05:24.810 --> 02:05:26.210
.

02:05:26.210 --> 02:05:28.070
.

02:05:28.070 --> 02:05:28.650
.

02:05:36.410 --> 02:05:37.810
.

02:05:37.810 --> 02:05:39.950
.

02:05:39.950 --> 02:05:40.030
.

02:05:48.210 --> 02:05:49.610
.

02:05:53.590 --> 02:05:54.990
.

02:06:06.670 --> 02:06:08.070
.

02:06:08.070 --> 02:06:08.090
.

02:06:11.270 --> 02:06:12.670
.

02:06:26.390 --> 02:06:27.790
.

02:06:27.790 --> 02:06:27.810
.

02:06:27.810 --> 02:06:27.830
.

02:06:27.830 --> 02:06:29.730
.

02:06:55.990 --> 02:06:57.390
.

02:06:57.390 --> 02:06:57.590
.

02:06:57.590 --> 02:06:57.810
.

02:07:01.070 --> 02:07:02.470
.

02:07:15.350 --> 02:07:16.750
.

02:07:16.750 --> 02:07:16.770
.

02:07:16.770 --> 02:07:16.790
.

02:07:21.510 --> 02:07:21.790
.

02:07:44.890 --> 02:07:46.290
.

02:07:46.290 --> 02:07:46.390
.

02:07:46.390 --> 02:07:48.450
.

02:08:03.590 --> 02:08:04.990
.

02:08:08.210 --> 02:08:09.610
.

02:08:32.950 --> 02:08:34.350
.

02:08:34.350 --> 02:08:35.110
.

02:08:35.110 --> 02:08:36.770
.

02:08:54.310 --> 02:08:55.710
.

02:08:55.710 --> 02:08:55.730
.

02:08:55.730 --> 02:08:55.750
.

02:08:55.750 --> 02:08:58.130
.

02:08:58.130 --> 02:08:58.150
.

02:09:05.750 --> 02:09:06.210
.

02:09:06.210 --> 02:09:06.530
.

02:09:06.530 --> 02:09:08.510
.

02:09:16.210 --> 02:09:17.070
.

02:09:17.070 --> 02:09:17.150
.

02:09:17.150 --> 02:09:18.650
.

02:09:18.650 --> 02:09:18.810
.

02:09:33.550 --> 02:09:34.950
.

02:09:37.670 --> 02:09:39.070
.

02:09:42.390 --> 02:09:43.790
.

02:09:43.790 --> 02:09:44.090
.

02:09:46.590 --> 02:09:47.990
.

02:09:57.130 --> 02:09:58.530
.

02:09:58.530 --> 02:10:00.510
.

02:10:03.530 --> 02:10:03.970
.

02:10:16.870 --> 02:10:18.270
.

02:10:22.310 --> 02:10:23.710
.

02:10:23.710 --> 02:10:23.750
.

02:10:37.250 --> 02:10:38.650
.

02:10:40.730 --> 02:10:42.130
.

02:10:57.010 --> 02:10:58.410
.

02:10:58.410 --> 02:10:58.470
.

02:10:58.470 --> 02:10:59.950
.

02:10:59.950 --> 02:11:00.450
.

02:11:18.510 --> 02:11:19.510
.

02:11:19.510 --> 02:11:19.530
.

02:11:19.530 --> 02:11:19.550
.

02:11:19.550 --> 02:11:20.990
.

02:11:20.990 --> 02:11:22.790
.

02:11:31.430 --> 02:11:32.830
.

02:11:34.430 --> 02:11:35.830
.

02:11:42.470 --> 02:11:43.870
.

02:11:43.870 --> 02:11:44.110
.

02:11:44.110 --> 02:11:46.290
.

02:12:11.370 --> 02:12:12.770
.

02:12:12.770 --> 02:12:12.790
.

02:12:12.790 --> 02:12:13.570
.

02:12:13.570 --> 02:12:13.770
.

02:12:20.090 --> 02:12:21.490
.

02:12:21.490 --> 02:12:23.750
.

02:12:23.750 --> 02:12:23.770
.

02:12:39.890 --> 02:12:41.290
.

02:12:41.290 --> 02:12:41.610
.

02:12:41.610 --> 02:12:43.690
.

02:13:01.730 --> 02:13:03.130
.

02:13:03.130 --> 02:13:04.350
.

02:13:31.110 --> 02:13:32.510
.

02:14:01.050 --> 02:14:02.450
.

02:14:02.450 --> 02:14:03.290
.

02:14:03.290 --> 02:14:03.350
.

02:14:19.530 --> 02:14:20.930
.

02:14:20.930 --> 02:14:21.670
.

02:14:21.670 --> 02:14:21.690
.

02:14:32.130 --> 02:14:33.530
.

02:14:36.370 --> 02:14:36.690
.

02:15:02.990 --> 02:15:03.310
.

02:15:03.310 --> 02:15:03.470
.

02:15:03.470 --> 02:15:03.490
.

02:15:03.490 --> 02:15:03.510
.

02:15:03.510 --> 02:15:03.570
.

02:15:26.790 --> 02:15:26.910
.

02:15:32.870 --> 02:15:32.990
.

02:15:32.990 --> 02:15:33.010
.

02:15:33.010 --> 02:15:33.030
.

02:15:35.730 --> 02:15:35.770
.

02:15:35.770 --> 02:15:35.790
.

02:15:52.590 --> 02:15:52.630
.

02:15:52.630 --> 02:15:52.650
.

02:15:52.650 --> 02:15:52.670
.

02:15:55.550 --> 02:15:56.950
.

02:16:00.130 --> 02:16:01.530
.

02:16:01.530 --> 02:16:01.550
.

02:16:03.050 --> 02:16:04.450
.

02:16:22.450 --> 02:16:23.850
.

02:16:23.850 --> 02:16:23.870
.

02:16:30.130 --> 02:16:31.530
.

02:16:31.530 --> 02:16:33.450
.

02:16:42.210 --> 02:16:43.610
.

02:16:43.610 --> 02:16:45.510
.

02:17:00.570 --> 02:17:01.970
.

02:17:01.970 --> 02:17:02.050
.

02:17:02.050 --> 02:17:02.770
.

02:17:02.770 --> 02:17:02.810
.

02:17:08.930 --> 02:17:10.330
.

02:17:10.330 --> 02:17:12.850
.

02:17:37.590 --> 02:17:38.990
.

02:17:38.990 --> 02:17:39.990
.

02:18:07.910 --> 02:18:08.930
.

02:18:08.930 --> 02:18:08.950
.

02:18:08.950 --> 02:18:08.970
.

02:18:08.970 --> 02:18:09.670
.

02:18:09.670 --> 02:18:11.650
.

02:18:16.250 --> 02:18:17.650
.

02:18:17.650 --> 02:18:19.550
.

02:18:45.830 --> 02:18:47.230
.

02:18:47.230 --> 02:18:47.250
.

02:18:47.250 --> 02:18:47.690
.

02:18:47.690 --> 02:18:47.710
.

02:19:16.350 --> 02:19:17.230
.

02:19:17.250 --> 02:19:18.790
.

02:19:18.790 --> 02:19:21.250
.

02:19:21.250 --> 02:19:22.470
.

02:19:22.470 --> 02:19:23.790
.

02:19:30.370 --> 02:19:31.770
.

02:19:31.770 --> 02:19:32.730
.

02:20:00.250 --> 02:20:01.470
.

02:20:01.470 --> 02:20:01.490
.

02:20:01.490 --> 02:20:01.750
.

02:20:01.750 --> 02:20:02.610
.

02:20:05.210 --> 02:20:06.610
.

02:20:11.750 --> 02:20:12.470
.

02:20:12.470 --> 02:20:12.490
.

02:20:12.490 --> 02:20:13.430
.

02:20:40.770 --> 02:20:42.170
.

02:20:42.170 --> 02:20:43.050
.

02:20:48.030 --> 02:20:49.430
.

02:20:49.430 --> 02:20:51.090
.

02:20:51.090 --> 02:20:51.470
.

02:20:51.470 --> 02:20:52.290
.

02:20:52.290 --> 02:20:52.610
.

02:20:52.610 --> 02:20:54.670
.

02:20:54.670 --> 02:20:55.250
.

02:20:55.250 --> 02:20:55.410
.

02:20:55.410 --> 02:20:57.410
.

02:20:57.410 --> 02:20:59.010
.

02:20:59.010 --> 02:21:00.130
.

02:21:00.130 --> 02:21:01.110
.

02:21:01.110 --> 02:21:01.410
.

02:21:01.410 --> 02:21:02.550
.

02:21:04.670 --> 02:21:06.070
.

02:21:06.070 --> 02:21:06.470
.

02:21:06.470 --> 02:21:07.130
.

02:21:07.130 --> 02:21:07.170
.

02:21:07.170 --> 02:21:07.370
.

02:21:07.370 --> 02:21:07.690
.

02:21:07.690 --> 02:21:07.770
.

02:21:07.770 --> 02:21:08.250
.

02:21:08.250 --> 02:21:09.490
.

02:21:10.950 --> 02:21:12.350
.

02:21:12.350 --> 02:21:13.130
.

02:21:13.130 --> 02:21:13.570
.

02:21:13.570 --> 02:21:13.850
.

02:21:13.850 --> 02:21:13.870
.

02:21:13.870 --> 02:21:14.350
.

02:21:15.250 --> 02:21:15.830
.

02:21:15.830 --> 02:21:15.930
.

02:21:15.930 --> 02:21:16.630
.

02:21:16.630 --> 02:21:16.990
.

02:21:16.990 --> 02:21:17.490
.

02:21:17.490 --> 02:21:18.570
.

02:21:18.570 --> 02:21:19.170
.

02:21:19.170 --> 02:21:21.710
.

02:21:21.710 --> 02:21:22.350
.

02:21:22.350 --> 02:21:22.650
.

02:21:22.650 --> 02:21:24.130
.

02:21:24.130 --> 02:21:24.290
.

02:21:24.290 --> 02:21:25.250
.

02:21:32.830 --> 02:21:34.230
.

02:21:34.230 --> 02:21:35.170
.

02:21:35.170 --> 02:21:35.470
.

02:21:53.230 --> 02:21:54.010
.

02:21:54.010 --> 02:21:54.950
.

02:22:08.990 --> 02:22:10.390
.

02:22:19.910 --> 02:22:21.310
.

02:22:21.310 --> 02:22:23.990
.

02:22:23.990 --> 02:22:25.250
.

02:22:50.330 --> 02:22:51.730
.

02:22:51.730 --> 02:22:53.390
.

02:22:53.390 --> 02:22:53.950
.

02:22:53.950 --> 02:22:53.970
.

02:22:53.970 --> 02:22:55.110
.

02:22:55.110 --> 02:22:57.290
.

02:22:57.290 --> 02:22:57.950
.

02:22:57.950 --> 02:22:58.990
.

02:22:58.990 --> 02:23:00.090
.

02:23:27.810 --> 02:23:28.930
.

02:23:28.930 --> 02:23:28.950
.

02:23:28.950 --> 02:23:28.970
.

02:23:32.490 --> 02:23:32.530
.

02:23:32.530 --> 02:23:32.550
.

02:23:58.870 --> 02:23:58.910
.

02:23:58.910 --> 02:23:58.930
.

02:23:58.930 --> 02:23:58.950
.

02:23:58.950 --> 02:24:01.050
.

02:24:06.210 --> 02:24:07.610
.

02:24:07.610 --> 02:24:10.070
.

02:24:10.070 --> 02:24:11.850
.

02:24:11.850 --> 02:24:13.430
.

02:24:16.710 --> 02:24:18.110
.

02:24:18.110 --> 02:24:18.570
.

02:24:18.570 --> 02:24:20.430
.

02:24:24.310 --> 02:24:25.710
.

02:24:25.710 --> 02:24:26.850
.

02:24:26.850 --> 02:24:27.770
.

02:24:27.770 --> 02:24:29.390
.

02:24:34.610 --> 02:24:36.010
.

02:24:36.010 --> 02:24:36.230
.

02:24:36.230 --> 02:24:36.790
.

02:24:36.790 --> 02:24:36.890
.

02:24:36.890 --> 02:24:37.670
.

02:24:37.670 --> 02:24:39.490
.

02:24:39.490 --> 02:24:40.870
.

02:24:42.530 --> 02:24:43.930
.

02:24:43.930 --> 02:24:46.150
.

02:24:46.150 --> 02:24:48.350
.

02:24:48.350 --> 02:24:48.530
.

02:24:48.530 --> 02:24:48.750
.

02:24:48.750 --> 02:24:49.930
.

02:24:49.930 --> 02:24:51.330
.

02:24:55.590 --> 02:24:56.990
.

02:24:56.990 --> 02:24:57.550
.

02:24:57.550 --> 02:24:58.650
.

02:24:58.650 --> 02:24:59.330
.

02:24:59.330 --> 02:25:00.470
.

02:25:00.470 --> 02:25:01.750
.

02:25:01.750 --> 02:25:04.010
.

02:25:04.010 --> 02:25:04.430
.

02:25:04.430 --> 02:25:05.170
.

02:25:05.170 --> 02:25:05.830
.

02:25:05.830 --> 02:25:08.070
.

02:25:08.070 --> 02:25:10.010
.

02:25:10.010 --> 02:25:10.110
.

02:25:10.110 --> 02:25:11.730
.

02:25:14.630 --> 02:25:16.030
.

02:25:20.130 --> 02:25:21.530
.

02:25:21.530 --> 02:25:22.090
.

02:25:24.050 --> 02:25:25.170
.

02:25:25.170 --> 02:25:25.470
.

02:25:25.470 --> 02:25:26.490
.

02:25:32.150 --> 02:25:33.550
.

02:25:33.550 --> 02:25:33.710
.

02:25:33.710 --> 02:25:34.390
.

02:25:37.110 --> 02:25:37.810
.

02:25:37.810 --> 02:25:37.830
.

02:25:37.830 --> 02:25:37.850
.

02:25:40.050 --> 02:25:41.450
.

02:25:41.450 --> 02:25:42.930
.

02:25:42.930 --> 02:25:43.390
.

02:25:43.390 --> 02:25:45.470
.

02:25:45.470 --> 02:25:46.930
.

02:25:46.930 --> 02:25:48.210
.

02:25:48.210 --> 02:25:48.370
.

02:25:48.370 --> 02:25:51.030
.

02:25:51.030 --> 02:25:51.270
.

02:25:53.150 --> 02:25:54.550
.

02:25:54.550 --> 02:25:55.650
.

02:25:55.650 --> 02:25:56.850
.

02:25:56.850 --> 02:25:58.770
.

02:25:58.770 --> 02:25:58.910
.

02:26:00.590 --> 02:26:01.990
.

02:26:03.510 --> 02:26:04.910
.

02:26:04.910 --> 02:26:05.550
.

02:26:12.530 --> 02:26:13.930
.

02:26:13.930 --> 02:26:13.950
.

02:26:13.950 --> 02:26:14.490
.

02:26:14.490 --> 02:26:15.690
.

02:26:24.090 --> 02:26:25.490
.

02:26:25.490 --> 02:26:25.970
.

02:26:25.970 --> 02:26:27.290
.

02:26:27.290 --> 02:26:28.650
.

02:26:28.650 --> 02:26:30.450
.

02:26:30.450 --> 02:26:30.830
.

02:26:30.830 --> 02:26:31.530
.

02:26:31.530 --> 02:26:32.230
.

02:26:32.230 --> 02:26:32.730
.

02:26:32.730 --> 02:26:33.910
.

02:26:33.910 --> 02:26:34.710
.

02:26:34.710 --> 02:26:36.930
.

02:26:36.930 --> 02:26:38.430
.

02:26:38.430 --> 02:26:39.130
.

02:26:39.130 --> 02:26:39.790
.

02:26:41.290 --> 02:26:42.690
.

02:26:42.690 --> 02:26:44.870
.

02:26:44.870 --> 02:26:46.270
.

02:26:47.690 --> 02:26:49.090
.

02:26:49.090 --> 02:26:50.310
.

02:26:50.310 --> 02:26:51.750
.

02:26:51.750 --> 02:26:52.730
.

02:26:52.730 --> 02:26:53.170
.

02:26:58.110 --> 02:26:59.270
.

02:26:59.270 --> 02:26:59.850
.

02:26:59.850 --> 02:26:59.870
.

02:26:59.870 --> 02:27:00.530
.

02:27:00.530 --> 02:27:00.550
.

02:27:00.550 --> 02:27:01.050
.

02:27:01.050 --> 02:27:01.230
.

02:27:01.230 --> 02:27:01.310
.

02:27:01.310 --> 02:27:02.050
.

02:27:02.050 --> 02:27:02.550
.

02:27:02.550 --> 02:27:02.910
.

02:27:02.910 --> 02:27:03.730
.

02:27:03.730 --> 02:27:04.170
.

02:27:04.170 --> 02:27:04.210
.

02:27:04.210 --> 02:27:05.490
.

02:27:32.770 --> 02:27:34.170
.

02:27:34.170 --> 02:27:34.190
.

02:27:34.190 --> 02:27:34.210
.

02:27:46.370 --> 02:27:46.410
.

02:27:46.410 --> 02:27:46.430
.

02:27:46.430 --> 02:27:46.450
.

02:27:46.450 --> 02:27:47.250
.

02:27:47.250 --> 02:27:49.890
.

02:27:49.890 --> 02:27:51.090
.

02:27:51.090 --> 02:27:52.470
.

02:28:19.670 --> 02:28:21.070
.

02:28:21.070 --> 02:28:21.730
.

02:28:24.190 --> 02:28:25.510
.

02:28:25.510 --> 02:28:25.650
.

02:28:25.650 --> 02:28:26.150
.

02:28:26.150 --> 02:28:27.550
.

02:28:27.550 --> 02:28:28.010
.

02:28:28.010 --> 02:28:30.270
.

02:28:30.270 --> 02:28:31.630
.

02:28:34.030 --> 02:28:35.430
.

02:28:35.430 --> 02:28:35.470
.

02:28:35.470 --> 02:28:36.450
.

02:28:36.450 --> 02:28:37.510
.

02:28:41.850 --> 02:28:43.250
.

02:28:43.250 --> 02:28:44.530
.

02:28:44.530 --> 02:28:45.350
.

02:28:45.350 --> 02:28:46.410
.

02:28:48.390 --> 02:28:49.790
.

02:28:49.790 --> 02:28:50.030
.

02:28:50.030 --> 02:28:51.090
.

02:28:58.530 --> 02:28:59.610
.

02:28:59.610 --> 02:28:59.630
.

02:28:59.630 --> 02:28:59.650
.

02:29:01.170 --> 02:29:02.570
.

02:29:02.570 --> 02:29:03.810
.

02:29:03.810 --> 02:29:04.570
.

02:29:04.570 --> 02:29:05.150
.

02:29:05.150 --> 02:29:06.430
.

02:29:06.430 --> 02:29:06.470
.

02:29:06.470 --> 02:29:08.110
.

02:29:08.110 --> 02:29:09.050
.

02:29:14.750 --> 02:29:16.150
.

02:29:16.150 --> 02:29:16.470
.

02:29:16.470 --> 02:29:17.830
.

02:29:26.230 --> 02:29:27.630
.

02:29:27.630 --> 02:29:28.530
.

02:29:28.530 --> 02:29:28.890
.

02:29:28.890 --> 02:29:30.150
.

02:29:30.150 --> 02:29:31.910
.

02:29:31.910 --> 02:29:34.150
.

02:30:00.450 --> 02:30:01.850
.

02:30:01.850 --> 02:30:01.870
.

02:30:01.870 --> 02:30:01.890
.

02:30:01.890 --> 02:30:02.590
.

02:30:04.250 --> 02:30:05.650
.

02:30:05.650 --> 02:30:06.610
.

02:30:08.850 --> 02:30:10.250
.

02:30:10.250 --> 02:30:11.090
.

02:30:13.030 --> 02:30:14.430
.

02:30:14.430 --> 02:30:15.150
.

02:30:15.150 --> 02:30:15.930
.

02:30:15.930 --> 02:30:16.390
.

02:30:21.870 --> 02:30:22.450
.

02:30:22.450 --> 02:30:22.570
.

02:30:22.570 --> 02:30:22.590
.

02:30:24.730 --> 02:30:26.130
.

02:30:26.130 --> 02:30:26.150
.

02:30:26.150 --> 02:30:28.210
.

02:30:28.210 --> 02:30:28.670
.

02:30:30.630 --> 02:30:32.030
.

02:30:33.670 --> 02:30:34.030
.

02:30:35.470 --> 02:30:36.870
.

02:30:39.810 --> 02:30:41.210
.

02:30:41.210 --> 02:30:42.230
.

02:30:47.310 --> 02:30:48.710
.

02:30:48.710 --> 02:30:49.930
.

02:30:49.930 --> 02:30:51.030
.

02:30:51.030 --> 02:30:53.530
.

02:30:53.530 --> 02:30:53.850
.

02:30:53.850 --> 02:30:55.350
.

02:30:57.710 --> 02:30:59.110
.

02:31:02.610 --> 02:31:04.010
.

02:31:04.010 --> 02:31:04.390
.

02:31:04.390 --> 02:31:04.410
.

02:31:04.410 --> 02:31:06.170
.

02:31:06.170 --> 02:31:06.190
.

02:31:06.190 --> 02:31:08.350
.

02:31:08.350 --> 02:31:08.530
.

02:31:08.530 --> 02:31:09.210
.

02:31:18.910 --> 02:31:20.310
.

02:31:20.310 --> 02:31:21.210
.

02:31:21.210 --> 02:31:21.570
.

02:31:21.570 --> 02:31:21.870
.

02:31:21.870 --> 02:31:22.030
.

02:31:22.030 --> 02:31:22.790
.

02:31:22.790 --> 02:31:23.590
.

02:31:23.590 --> 02:31:25.730
.

02:31:25.730 --> 02:31:26.410
.

02:31:26.410 --> 02:31:26.610
.

02:31:27.470 --> 02:31:27.510
.

02:31:56.490 --> 02:31:56.530
.

02:31:56.530 --> 02:31:56.550
.

02:31:56.550 --> 02:31:56.570
.

02:31:56.570 --> 02:31:56.590
.

02:31:59.990 --> 02:32:01.030
.

02:32:01.030 --> 02:32:01.170
.

02:32:01.170 --> 02:32:01.690
.

02:32:01.690 --> 02:32:03.350
.

02:32:03.350 --> 02:32:05.650
.

02:32:05.650 --> 02:32:06.510
.

02:32:11.710 --> 02:32:13.110
.

02:32:13.110 --> 02:32:14.190
.

02:32:14.190 --> 02:32:15.290
.

02:32:15.290 --> 02:32:16.710
.

02:32:16.710 --> 02:32:17.330
.

02:32:17.330 --> 02:32:17.530
.

02:32:17.530 --> 02:32:18.930
.

02:32:20.650 --> 02:32:22.050
.

02:32:22.050 --> 02:32:22.070
.

02:32:22.070 --> 02:32:22.570
.

02:32:22.570 --> 02:32:23.550
.

02:32:26.230 --> 02:32:27.230
.

02:32:27.230 --> 02:32:27.250
.

02:32:27.250 --> 02:32:27.270
.

02:32:27.270 --> 02:32:27.690
.

02:32:27.690 --> 02:32:29.130
.

02:32:29.130 --> 02:32:29.390
.

02:32:32.550 --> 02:32:33.550
.

02:32:33.550 --> 02:32:33.930
.

02:32:33.930 --> 02:32:34.550
.

02:32:34.550 --> 02:32:35.010
.

02:32:35.010 --> 02:32:35.190
.

02:32:35.190 --> 02:32:35.670
.

02:32:35.670 --> 02:32:35.970
.

02:32:35.970 --> 02:32:37.010
.

02:32:37.010 --> 02:32:38.130
.

02:32:38.130 --> 02:32:38.750
.

02:32:38.750 --> 02:32:41.430
.

02:33:07.010 --> 02:33:08.330
.

02:33:08.330 --> 02:33:09.310
.

02:33:12.790 --> 02:33:14.190
.

02:33:17.410 --> 02:33:18.810
.

02:33:18.810 --> 02:33:19.470
.

02:33:19.470 --> 02:33:21.350
.

02:33:21.350 --> 02:33:22.630
.

02:33:26.650 --> 02:33:28.050
.

02:33:28.050 --> 02:33:28.070
.

02:33:28.070 --> 02:33:28.930
.

02:33:34.850 --> 02:33:35.870
.

02:33:35.870 --> 02:33:36.030
.

02:33:36.030 --> 02:33:36.150
.

02:33:36.150 --> 02:33:36.730
.

02:33:36.730 --> 02:33:37.970
.

02:33:37.970 --> 02:33:38.570
.

02:33:38.570 --> 02:33:40.190
.

02:33:40.190 --> 02:33:41.010
.

02:33:47.110 --> 02:33:48.270
.

02:33:48.270 --> 02:33:48.610
.

02:33:48.610 --> 02:33:48.630
.

02:33:48.630 --> 02:33:51.230
.

02:33:51.230 --> 02:33:53.270
.

02:33:53.270 --> 02:33:53.390
.

02:33:56.310 --> 02:33:57.710
.

02:33:57.710 --> 02:33:59.530
.

02:34:03.590 --> 02:34:04.990
.

02:34:04.990 --> 02:34:05.490
.

02:34:05.490 --> 02:34:06.570
.

02:34:06.570 --> 02:34:07.250
.

02:34:07.250 --> 02:34:08.590
.

02:34:08.590 --> 02:34:08.970
.

02:34:08.970 --> 02:34:10.490
.

02:34:10.490 --> 02:34:12.130
.

02:34:12.130 --> 02:34:12.590
.

02:34:12.590 --> 02:34:12.890
.

02:34:12.890 --> 02:34:13.150
.

02:34:13.150 --> 02:34:13.970
.

02:34:13.970 --> 02:34:14.310
.

02:34:14.310 --> 02:34:14.550
.

02:34:14.550 --> 02:34:15.270
.

02:34:15.270 --> 02:34:15.570
.

02:34:15.570 --> 02:34:15.790
.

02:34:15.790 --> 02:34:17.370
.

02:34:18.830 --> 02:34:20.230
.

02:34:20.230 --> 02:34:20.530
.

02:34:20.530 --> 02:34:20.610
.

02:34:20.610 --> 02:34:20.790
.

02:34:20.790 --> 02:34:22.530
.

02:34:22.530 --> 02:34:23.290
.

02:34:23.290 --> 02:34:23.370
.

02:34:31.310 --> 02:34:31.450
.

02:34:31.450 --> 02:34:31.470
.

02:34:31.470 --> 02:34:31.530
.

02:34:31.530 --> 02:34:31.770
.

02:34:34.190 --> 02:34:35.430
.

02:34:35.430 --> 02:34:35.790
.

02:34:35.790 --> 02:34:36.670
.

02:34:36.670 --> 02:34:37.350
.

02:34:37.350 --> 02:34:38.990
.

02:34:38.990 --> 02:34:41.130
.

02:34:41.130 --> 02:34:41.410
.

02:34:41.410 --> 02:34:41.450
.

02:34:41.450 --> 02:34:43.370
.

02:34:46.830 --> 02:34:48.230
.

02:34:51.450 --> 02:34:52.230
.

02:34:52.230 --> 02:34:52.250
.

02:34:52.250 --> 02:34:52.850
.

02:34:52.850 --> 02:34:53.630
.

02:34:59.290 --> 02:35:00.690
.

02:35:00.690 --> 02:35:01.210
.

02:35:02.970 --> 02:35:03.490
.

02:35:30.370 --> 02:35:30.890
.

02:35:30.890 --> 02:35:31.150
.

02:35:31.150 --> 02:35:31.170
.

02:35:31.170 --> 02:35:31.190
.

02:35:31.190 --> 02:35:31.770
.

02:35:31.770 --> 02:35:32.630
.

02:35:32.630 --> 02:35:33.110
.

02:35:33.110 --> 02:35:34.910
.

02:35:34.910 --> 02:35:37.430
.

02:35:56.250 --> 02:35:57.650
.

02:35:57.650 --> 02:35:57.670
.

02:35:57.670 --> 02:35:57.690
.

02:35:57.690 --> 02:35:57.750
.

02:35:57.750 --> 02:35:58.830
.

02:35:58.830 --> 02:35:59.430
.

02:35:59.430 --> 02:35:59.550
.

02:35:59.550 --> 02:35:59.790
.

02:36:02.410 --> 02:36:03.350
.

02:36:03.350 --> 02:36:03.850
.

02:36:03.850 --> 02:36:04.290
.

02:36:04.290 --> 02:36:04.930
.

02:36:04.930 --> 02:36:07.550
.

02:36:07.550 --> 02:36:07.750
.

02:36:07.750 --> 02:36:08.550
.

02:36:08.550 --> 02:36:09.150
.

02:36:12.230 --> 02:36:12.850
.

02:36:12.850 --> 02:36:12.870
.

02:36:12.870 --> 02:36:12.890
.

02:36:12.890 --> 02:36:13.110
.

02:36:14.950 --> 02:36:15.390
.

02:36:15.390 --> 02:36:15.470
.

02:36:15.470 --> 02:36:15.770
.

02:36:15.770 --> 02:36:16.710
.

02:36:16.710 --> 02:36:16.970
.

02:36:16.970 --> 02:36:17.010
.

02:36:17.010 --> 02:36:17.490
.

02:36:17.490 --> 02:36:17.910
.

02:36:17.910 --> 02:36:18.330
.

02:36:18.330 --> 02:36:18.990
.

02:36:18.990 --> 02:36:19.730
.

02:36:25.070 --> 02:36:26.390
.

02:36:26.390 --> 02:36:26.690
.

02:36:26.690 --> 02:36:26.710
.

02:36:26.710 --> 02:36:26.890
.

02:36:26.890 --> 02:36:27.090
.

02:36:27.090 --> 02:36:27.310
.

02:36:27.310 --> 02:36:27.410
.

02:36:27.410 --> 02:36:27.790
.

02:36:27.790 --> 02:36:28.870
.

02:36:28.870 --> 02:36:30.710
.

02:36:30.710 --> 02:36:31.650
.

02:36:31.650 --> 02:36:31.910
.

02:36:31.910 --> 02:36:32.350
.

02:36:33.870 --> 02:36:35.270
.

02:36:35.270 --> 02:36:35.430
.

02:36:35.430 --> 02:36:36.230
.

02:36:58.970 --> 02:37:00.370
.

02:37:00.370 --> 02:37:00.390
.

02:37:00.390 --> 02:37:00.430
.

02:37:01.110 --> 02:37:01.490
.

02:37:01.490 --> 02:37:01.830
.

02:37:01.830 --> 02:37:02.510
.

02:37:02.510 --> 02:37:04.550
.

02:37:04.550 --> 02:37:05.830
.

02:37:05.830 --> 02:37:07.010
.

02:37:07.010 --> 02:37:09.750
.

02:37:09.750 --> 02:37:11.350
.

02:37:11.350 --> 02:37:11.370
.

02:37:11.370 --> 02:37:13.290
.

02:37:13.290 --> 02:37:13.310
.

02:37:13.310 --> 02:37:15.530
.

02:37:15.530 --> 02:37:15.850
.

02:37:15.850 --> 02:37:16.610
.

02:37:16.610 --> 02:37:17.050
.

02:37:17.050 --> 02:37:17.170
.

02:37:18.390 --> 02:37:18.630
.

02:37:18.630 --> 02:37:18.730
.

02:37:18.730 --> 02:37:18.810
.

02:37:18.810 --> 02:37:19.650
.

02:37:19.650 --> 02:37:21.430
.

02:37:25.010 --> 02:37:26.410
.

02:37:26.410 --> 02:37:26.610
.

02:37:26.610 --> 02:37:26.750
.

02:37:26.750 --> 02:37:27.710
.

02:37:27.710 --> 02:37:28.870
.

02:37:28.870 --> 02:37:29.090
.

02:37:29.090 --> 02:37:30.470
.

02:37:30.470 --> 02:37:31.050
.

02:37:31.050 --> 02:37:31.250
.

02:37:31.250 --> 02:37:32.830
.

02:37:32.830 --> 02:37:34.990
.

02:37:34.990 --> 02:37:35.670
.

02:37:35.670 --> 02:37:36.770
.

02:37:38.210 --> 02:37:39.610
.

02:37:48.310 --> 02:37:49.710
.

02:37:49.710 --> 02:37:49.730
.

02:37:49.730 --> 02:37:50.010
.

02:37:50.010 --> 02:37:52.370
.

02:37:52.370 --> 02:37:53.390
.

02:37:53.390 --> 02:37:54.710
.

02:37:54.710 --> 02:37:56.110
.

02:37:56.110 --> 02:37:57.390
.

02:37:57.390 --> 02:37:58.370
.

02:37:58.370 --> 02:37:58.390
.

02:37:58.390 --> 02:38:00.450
.

02:38:00.450 --> 02:38:01.510
.

02:38:01.510 --> 02:38:02.150
.

02:38:02.150 --> 02:38:04.090
.

02:38:04.090 --> 02:38:04.310
.

02:38:04.310 --> 02:38:04.410
.

02:38:04.410 --> 02:38:06.470
.

02:38:06.470 --> 02:38:08.630
.

02:38:08.630 --> 02:38:08.710
.

02:38:08.710 --> 02:38:09.650
.

02:38:09.650 --> 02:38:11.930
.

02:38:11.930 --> 02:38:12.990
.

02:38:16.150 --> 02:38:17.550
.

02:38:17.550 --> 02:38:18.170
.

02:38:18.170 --> 02:38:19.030
.

02:38:19.030 --> 02:38:20.230
.

02:38:20.230 --> 02:38:20.710
.

02:38:20.710 --> 02:38:20.770
.

02:38:20.770 --> 02:38:21.670
.

02:38:24.630 --> 02:38:26.030
.

02:38:26.030 --> 02:38:26.270
.

02:38:26.270 --> 02:38:28.370
.

02:38:50.770 --> 02:38:51.670
.

02:38:51.670 --> 02:38:53.910
.

02:38:53.910 --> 02:38:54.870
.

02:38:54.870 --> 02:38:55.510
.

02:38:55.510 --> 02:38:56.430
.

02:38:58.170 --> 02:38:59.570
.

02:38:59.570 --> 02:38:59.650
.

02:38:59.650 --> 02:39:00.750
.

02:39:04.990 --> 02:39:06.390
.

02:39:06.390 --> 02:39:08.010
.

02:39:08.010 --> 02:39:10.450
.

02:39:10.450 --> 02:39:10.470
.

02:39:17.590 --> 02:39:18.870
.

02:39:18.870 --> 02:39:19.510
.

02:39:19.510 --> 02:39:19.870
.

02:39:19.870 --> 02:39:20.390
.

02:39:20.390 --> 02:39:21.010
.

02:39:21.010 --> 02:39:22.990
.

02:39:22.990 --> 02:39:24.430
.

02:39:24.430 --> 02:39:25.490
.

02:39:25.490 --> 02:39:26.170
.

02:39:28.410 --> 02:39:29.770
.

02:39:29.770 --> 02:39:29.790
.

02:39:29.790 --> 02:39:30.150
.

02:39:30.150 --> 02:39:30.390
.

02:39:30.390 --> 02:39:30.790
.

02:39:30.790 --> 02:39:31.370
.

02:39:31.370 --> 02:39:31.550
.

02:39:31.550 --> 02:39:32.090
.

02:39:32.090 --> 02:39:32.490
.

02:39:32.490 --> 02:39:32.830
.

02:39:32.830 --> 02:39:33.930
.

02:39:33.930 --> 02:39:35.110
.

02:39:37.250 --> 02:39:38.650
.

02:39:41.610 --> 02:39:43.010
.

02:39:43.010 --> 02:39:45.350
.

02:39:48.850 --> 02:39:50.250
.

02:39:50.250 --> 02:39:50.270
.

02:39:51.870 --> 02:39:53.270
.

02:39:57.730 --> 02:39:59.130
.

02:39:59.130 --> 02:39:59.810
.

02:40:06.150 --> 02:40:07.510
.

02:40:07.510 --> 02:40:07.750
.

02:40:07.750 --> 02:40:09.790
.

02:40:12.450 --> 02:40:13.850
.

02:40:13.850 --> 02:40:14.970
.

02:40:14.970 --> 02:40:15.110
.

02:40:15.110 --> 02:40:15.930
.

02:40:15.930 --> 02:40:16.490
.

02:40:18.750 --> 02:40:19.870
.

02:40:19.870 --> 02:40:20.110
.

02:40:20.110 --> 02:40:20.570
.

02:40:20.570 --> 02:40:21.330
.

02:40:21.330 --> 02:40:21.590
.

02:40:21.590 --> 02:40:21.810
.

02:40:21.810 --> 02:40:22.590
.

02:40:22.590 --> 02:40:22.950
.

02:40:24.570 --> 02:40:25.970
.

02:40:25.970 --> 02:40:26.830
.

02:40:29.510 --> 02:40:30.390
.

02:40:30.390 --> 02:40:30.410
.

02:40:30.410 --> 02:40:30.430
.

02:40:30.430 --> 02:40:31.370
.

02:40:33.590 --> 02:40:34.990
.

02:40:34.990 --> 02:40:36.470
.

02:40:40.810 --> 02:40:42.210
.

02:40:42.210 --> 02:40:43.030
.

02:40:43.030 --> 02:40:43.710
.

02:40:43.710 --> 02:40:45.770
.

02:40:48.710 --> 02:40:49.450
.

02:40:49.450 --> 02:40:51.630
.

02:40:51.630 --> 02:40:52.390
.

02:40:52.390 --> 02:40:53.090
.

02:40:55.410 --> 02:40:56.810
.

02:40:56.810 --> 02:40:57.530
.

02:40:57.530 --> 02:40:57.550
.

02:40:57.550 --> 02:40:59.110
.

02:41:03.370 --> 02:41:04.770
.

02:41:04.770 --> 02:41:05.910
.

02:41:05.910 --> 02:41:06.150
.

02:41:06.150 --> 02:41:06.830
.

02:41:08.850 --> 02:41:10.250
.

02:41:10.250 --> 02:41:11.510
.

02:41:11.510 --> 02:41:12.390
.

02:41:12.390 --> 02:41:13.070
.

02:41:14.650 --> 02:41:15.850
.

02:41:15.850 --> 02:41:16.370
.

02:41:16.370 --> 02:41:16.890
.

02:41:16.890 --> 02:41:18.590
.

02:41:18.590 --> 02:41:19.790
.

02:41:19.790 --> 02:41:19.830
.

02:41:19.830 --> 02:41:20.630
.

02:41:20.630 --> 02:41:21.630
.

02:41:21.630 --> 02:41:21.950
.

02:41:21.950 --> 02:41:23.290
.

02:41:23.290 --> 02:41:24.890
.

02:41:51.870 --> 02:41:53.270
.

02:41:53.270 --> 02:41:54.490
.

02:41:59.910 --> 02:42:01.310
.

02:42:01.310 --> 02:42:01.330
.

02:42:01.330 --> 02:42:03.370
.

02:42:08.550 --> 02:42:09.950
.

02:42:11.530 --> 02:42:12.930
.

02:42:12.930 --> 02:42:14.510
.

02:42:16.410 --> 02:42:17.810
.

02:42:17.810 --> 02:42:17.970
.

02:42:17.970 --> 02:42:20.290
.

02:42:20.290 --> 02:42:22.890
.

02:42:22.890 --> 02:42:22.910
.

02:42:22.910 --> 02:42:22.930
.

02:42:22.930 --> 02:42:23.450
.

02:42:23.450 --> 02:42:24.650
.

02:42:24.650 --> 02:42:24.730
.

02:42:26.270 --> 02:42:27.670
.

02:42:27.670 --> 02:42:30.070
.

02:42:33.730 --> 02:42:35.130
.

02:42:35.130 --> 02:42:36.110
.

02:42:36.110 --> 02:42:36.130
.

02:42:36.130 --> 02:42:36.950
.

02:42:36.950 --> 02:42:37.150
.

02:42:37.150 --> 02:42:39.870
.

02:42:39.870 --> 02:42:40.650
.

02:42:41.390 --> 02:42:41.830
.

02:42:41.830 --> 02:42:41.950
.

02:42:41.950 --> 02:42:42.170
.

02:42:42.170 --> 02:42:43.530
.

02:42:43.530 --> 02:42:44.310
.

02:42:45.770 --> 02:42:47.170
.

02:42:47.170 --> 02:42:47.990
.

02:42:49.630 --> 02:42:50.590
.

02:42:50.590 --> 02:42:50.730
.

02:42:50.730 --> 02:42:50.770
.

02:42:50.770 --> 02:42:52.070
.

02:42:52.070 --> 02:42:54.690
.

02:42:54.690 --> 02:42:55.590
.

02:42:57.490 --> 02:42:58.890
.

02:42:58.890 --> 02:42:59.310
.

02:42:59.310 --> 02:43:00.070
.

02:43:00.070 --> 02:43:00.330
.

02:43:00.330 --> 02:43:00.630
.

02:43:00.630 --> 02:43:01.730
.

02:43:03.430 --> 02:43:04.830
.

02:43:04.830 --> 02:43:04.850
.

02:43:04.850 --> 02:43:04.870
.

02:43:06.470 --> 02:43:06.510
.

02:44:04.730 --> 02:44:04.770
.

02:44:04.770 --> 02:44:04.790
.

02:44:04.790 --> 02:44:04.810
.

02:44:04.810 --> 02:44:04.930
.

02:44:04.930 --> 02:44:05.310
.

02:44:12.910 --> 02:44:13.870
.

02:44:13.870 --> 02:44:14.450
.

02:44:14.450 --> 02:44:16.230
.

02:44:16.230 --> 02:44:16.710
.

02:44:16.710 --> 02:44:18.050
.

02:44:18.050 --> 02:44:18.690
.

02:44:18.690 --> 02:44:20.590
.

02:44:20.590 --> 02:44:21.230
.

02:44:21.230 --> 02:44:21.350
.

02:44:21.350 --> 02:44:23.510
.

02:44:23.510 --> 02:44:24.050
.

02:44:24.050 --> 02:44:26.730
.

02:44:26.730 --> 02:44:26.850
.

02:44:26.850 --> 02:44:27.630
.

02:44:27.630 --> 02:44:28.950
.

02:44:54.830 --> 02:44:56.230
.

02:44:56.230 --> 02:44:56.370
.

02:44:59.570 --> 02:45:00.970
.

02:45:17.030 --> 02:45:18.430
.

02:45:18.430 --> 02:45:18.450
.

02:45:24.950 --> 02:45:26.350
.

02:45:26.350 --> 02:45:28.270
.

02:45:28.270 --> 02:45:28.590
.

02:45:54.870 --> 02:45:56.270
.

02:45:56.270 --> 02:45:57.530
.

02:45:57.530 --> 02:45:59.830
.

02:45:59.830 --> 02:46:01.130
.

02:46:01.130 --> 02:46:01.690
.

02:46:01.690 --> 02:46:02.150
.

02:46:02.150 --> 02:46:02.710
.

02:46:04.130 --> 02:46:05.250
.

02:46:05.250 --> 02:46:05.870
.

02:46:33.830 --> 02:46:35.230
.

02:46:35.230 --> 02:46:35.350
.

02:46:35.350 --> 02:46:35.970
.

02:46:51.910 --> 02:46:52.650
.

02:46:52.650 --> 02:46:52.670
.

02:47:05.590 --> 02:47:06.990
.

02:47:11.510 --> 02:47:12.910
.

02:47:12.910 --> 02:47:15.290
.

02:47:15.290 --> 02:47:15.310
.

02:47:18.230 --> 02:47:19.630
.

02:47:43.850 --> 02:47:45.250
.

02:47:45.250 --> 02:47:45.270
.

02:47:45.270 --> 02:47:45.290
.

02:47:45.290 --> 02:47:45.830
.

02:47:45.830 --> 02:47:46.950
.

02:47:46.950 --> 02:47:47.170
.

02:47:48.950 --> 02:47:50.350
.

02:47:50.350 --> 02:47:51.430
.

02:47:56.730 --> 02:47:58.130
.

02:47:58.130 --> 02:47:58.510
.

02:47:58.510 --> 02:47:58.550
.

02:47:58.550 --> 02:47:59.410
.

02:48:01.350 --> 02:48:02.750
.

02:48:02.750 --> 02:48:03.130
.

02:48:05.030 --> 02:48:06.430
.

02:48:06.430 --> 02:48:07.770
.

02:48:09.350 --> 02:48:10.750
.

02:48:10.750 --> 02:48:11.210
.

02:48:11.210 --> 02:48:11.230
.

02:48:11.230 --> 02:48:11.710
.

02:48:11.710 --> 02:48:12.190
.

02:48:12.190 --> 02:48:12.390
.

02:48:12.390 --> 02:48:12.570
.

02:48:12.570 --> 02:48:12.930
.

02:48:12.930 --> 02:48:13.670
.

02:48:13.670 --> 02:48:13.790
.

02:48:13.790 --> 02:48:14.470
.

02:48:14.470 --> 02:48:15.430
.

02:48:15.430 --> 02:48:17.290
.

02:48:17.290 --> 02:48:19.130
.

02:48:23.810 --> 02:48:25.210
.

02:48:25.210 --> 02:48:25.310
.

02:48:25.310 --> 02:48:25.870
.

02:48:25.870 --> 02:48:27.070
.

02:48:27.070 --> 02:48:27.230
.

02:48:27.230 --> 02:48:29.750
.

02:48:29.750 --> 02:48:30.490
.

02:48:34.750 --> 02:48:35.250
.

02:48:35.250 --> 02:48:35.810
.

02:48:35.810 --> 02:48:36.290
.

02:48:36.290 --> 02:48:37.350
.

02:48:37.350 --> 02:48:38.010
.

02:48:38.010 --> 02:48:38.270
.

02:49:06.190 --> 02:49:06.510
.

02:49:06.510 --> 02:49:06.670
.

02:49:06.670 --> 02:49:06.690
.

02:49:06.690 --> 02:49:06.930
.

02:49:06.930 --> 02:49:09.670
.

02:49:23.970 --> 02:49:25.370
.

02:49:25.370 --> 02:49:25.390
.

02:49:25.390 --> 02:49:28.090
.

02:49:28.090 --> 02:49:28.330
.

02:49:48.590 --> 02:49:49.990
.

02:49:49.990 --> 02:49:51.330
.

02:49:51.330 --> 02:49:53.490
.

02:49:53.490 --> 02:49:54.230
.

02:49:54.230 --> 02:49:55.290
.

02:49:57.050 --> 02:49:58.450
.

02:49:58.450 --> 02:49:59.050
.

02:49:59.050 --> 02:49:59.130
.

02:50:24.230 --> 02:50:24.310
.

02:50:30.030 --> 02:50:31.430
.

02:50:31.430 --> 02:50:33.290
.

02:50:33.290 --> 02:50:33.510
.

02:50:33.510 --> 02:50:35.370
.

02:50:39.530 --> 02:50:40.930
.

02:50:40.930 --> 02:50:41.030
.

02:50:41.030 --> 02:50:41.050
.

02:50:41.050 --> 02:50:41.330
.

02:50:46.910 --> 02:50:48.310
.

02:50:48.310 --> 02:50:50.130
.

02:50:50.130 --> 02:50:50.530
.

02:50:50.530 --> 02:50:52.270
.

02:50:52.270 --> 02:50:53.050
.

02:50:53.050 --> 02:50:55.710
.

02:50:55.710 --> 02:50:55.730
.

02:50:57.390 --> 02:50:58.790
.

02:50:58.790 --> 02:50:59.470
.

02:50:59.470 --> 02:51:00.450
.

02:51:00.450 --> 02:51:00.470
.

02:51:00.470 --> 02:51:02.090
.

02:51:02.090 --> 02:51:03.390
.

02:51:06.990 --> 02:51:08.390
.

02:51:13.430 --> 02:51:14.830
.

02:51:14.830 --> 02:51:14.850
.

02:51:14.850 --> 02:51:14.870
.

02:51:14.870 --> 02:51:15.430
.

02:51:18.230 --> 02:51:19.630
.

02:51:19.630 --> 02:51:21.670
.

02:51:25.950 --> 02:51:27.350
.

02:51:27.350 --> 02:51:27.830
.

02:51:27.830 --> 02:51:27.850
.

02:51:27.850 --> 02:51:28.430
.

02:51:31.150 --> 02:51:32.470
.

02:51:32.470 --> 02:51:33.130
.

02:51:33.130 --> 02:51:34.710
.

02:51:34.710 --> 02:51:34.730
.

02:51:34.730 --> 02:51:37.230
.

02:51:37.230 --> 02:51:37.710
.

02:51:42.990 --> 02:51:44.390
.

02:51:44.390 --> 02:51:45.250
.

02:51:47.630 --> 02:51:49.030
.

02:51:50.770 --> 02:51:51.370
.

02:51:51.370 --> 02:51:51.670
.

02:51:59.610 --> 02:52:00.210
.

02:52:00.210 --> 02:52:00.230
.

02:52:00.230 --> 02:52:00.250
.

02:52:00.250 --> 02:52:02.030
.

02:52:02.030 --> 02:52:02.770
.

02:52:06.450 --> 02:52:07.850
.

02:52:07.850 --> 02:52:08.190
.

02:52:08.190 --> 02:52:08.910
.

02:52:08.910 --> 02:52:11.230
.

02:52:11.230 --> 02:52:12.050
.

02:52:12.050 --> 02:52:12.250
.

02:52:12.250 --> 02:52:12.290
.

02:52:17.330 --> 02:52:18.730
.

02:52:18.730 --> 02:52:19.650
.

02:52:19.650 --> 02:52:20.210
.

02:52:20.210 --> 02:52:20.350
.

02:52:20.350 --> 02:52:20.770
.

02:52:26.650 --> 02:52:27.630
.

02:52:27.630 --> 02:52:28.430
.

02:52:28.430 --> 02:52:28.490
.

02:52:28.490 --> 02:52:29.070
.

02:52:30.890 --> 02:52:32.290
.

02:52:32.290 --> 02:52:33.350
.

02:52:33.350 --> 02:52:33.910
.

02:52:36.170 --> 02:52:37.570
.

02:52:37.570 --> 02:52:38.210
.

02:52:38.210 --> 02:52:38.330
.

02:52:38.330 --> 02:52:38.530
.

02:52:38.530 --> 02:52:39.350
.

02:52:39.350 --> 02:52:41.350
.

02:52:44.830 --> 02:52:46.230
.

02:52:46.230 --> 02:52:48.230
.

02:52:48.230 --> 02:52:48.430
.

02:52:52.310 --> 02:52:52.830
.

02:52:52.830 --> 02:52:52.870
.

02:52:52.870 --> 02:52:53.190
.

02:52:53.190 --> 02:52:55.590
.

02:52:55.590 --> 02:52:55.610
.

02:53:01.370 --> 02:53:02.770
.

02:53:02.770 --> 02:53:02.890
.

02:53:06.170 --> 02:53:07.510
.

02:53:07.510 --> 02:53:07.530
.

02:53:07.530 --> 02:53:08.750
.

02:53:08.750 --> 02:53:09.490
.

02:53:09.490 --> 02:53:09.530
.

02:53:15.490 --> 02:53:16.890
.

02:53:19.510 --> 02:53:20.910
.

02:53:20.910 --> 02:53:21.870
.

02:53:23.630 --> 02:53:25.030
.

02:53:25.030 --> 02:53:26.930
.

02:53:26.930 --> 02:53:28.570
.

02:53:28.570 --> 02:53:29.110
.

02:53:29.110 --> 02:53:30.010
.

02:53:30.010 --> 02:53:30.250
.

02:53:30.250 --> 02:53:30.710
.

02:53:30.710 --> 02:53:30.770
.

02:53:30.770 --> 02:53:30.790
.

02:53:30.790 --> 02:53:31.130
.

02:53:34.090 --> 02:53:34.870
.

02:53:34.870 --> 02:53:34.910
.

02:53:34.910 --> 02:53:35.350
.

02:53:35.350 --> 02:53:36.150
.

02:54:02.250 --> 02:54:03.650
.

02:54:03.650 --> 02:54:05.190
.

02:54:05.190 --> 02:54:05.210
.

02:54:05.210 --> 02:54:05.750
.

02:54:11.810 --> 02:54:13.210
.

02:54:13.210 --> 02:54:15.510
.

02:54:20.550 --> 02:54:21.950
.

02:54:21.950 --> 02:54:22.130
.

02:54:22.130 --> 02:54:22.910
.

02:54:33.730 --> 02:54:35.130
.

02:54:35.130 --> 02:54:35.630
.

02:54:43.170 --> 02:54:44.170
.

02:54:44.170 --> 02:54:44.250
.

02:54:44.250 --> 02:54:44.990
.

02:54:44.990 --> 02:54:45.430
.

02:54:45.430 --> 02:54:45.690
.

02:54:45.690 --> 02:54:47.330
.

02:54:50.690 --> 02:54:51.530
.

02:54:51.530 --> 02:54:54.030
.

02:54:54.030 --> 02:54:54.210
.

02:54:54.210 --> 02:54:54.550
.

02:54:54.550 --> 02:54:55.850
.

02:54:55.850 --> 02:54:56.690
.

02:54:56.690 --> 02:54:57.430
.

02:55:02.790 --> 02:55:04.190
.

02:55:04.190 --> 02:55:04.370
.

02:55:04.370 --> 02:55:06.010
.

02:55:07.530 --> 02:55:08.930
.

02:55:08.930 --> 02:55:09.470
.

02:55:09.470 --> 02:55:10.690
.

02:55:10.690 --> 02:55:13.130
.

02:55:13.130 --> 02:55:14.050
.

02:55:14.050 --> 02:55:15.990
.

02:55:15.990 --> 02:55:17.830
.

02:55:17.830 --> 02:55:17.930
.

02:55:17.930 --> 02:55:18.650
.

02:55:18.650 --> 02:55:19.610
.

02:55:19.610 --> 02:55:20.630
.

02:55:20.630 --> 02:55:22.330
.

02:55:30.630 --> 02:55:31.130
.

02:55:31.130 --> 02:55:31.150
.

02:55:31.150 --> 02:55:32.850
.

02:55:32.850 --> 02:55:33.470
.

02:55:33.470 --> 02:55:34.350
.

02:55:34.350 --> 02:55:35.070
.

02:55:36.810 --> 02:55:38.210
.

02:55:38.210 --> 02:55:39.110
.

02:55:48.430 --> 02:55:49.510
.

02:55:49.510 --> 02:55:49.690
.

02:55:49.690 --> 02:55:49.730
.

02:55:49.730 --> 02:55:51.270
.

02:55:59.810 --> 02:56:01.210
.

02:56:01.210 --> 02:56:01.230
.

02:56:01.230 --> 02:56:01.290
.

02:56:01.290 --> 02:56:01.570
.

02:56:04.410 --> 02:56:05.210
.

02:56:05.210 --> 02:56:05.610
.

02:56:05.610 --> 02:56:08.250
.

02:56:08.250 --> 02:56:09.470
.

02:56:09.470 --> 02:56:10.850
.

02:56:12.730 --> 02:56:14.130
.

02:56:14.130 --> 02:56:15.190
.

02:56:15.190 --> 02:56:16.490
.

02:56:16.490 --> 02:56:18.010
.

02:56:18.010 --> 02:56:18.430
.

02:56:18.430 --> 02:56:18.970
.

02:56:22.290 --> 02:56:23.690
.

02:56:23.690 --> 02:56:23.810
.

02:56:23.810 --> 02:56:24.910
.

02:56:24.910 --> 02:56:25.330
.

02:56:25.330 --> 02:56:25.950
.

02:56:25.950 --> 02:56:26.210
.

02:56:26.210 --> 02:56:26.390
.

02:56:26.390 --> 02:56:26.410
.

02:56:26.410 --> 02:56:27.750
.

02:56:27.750 --> 02:56:27.910
.

02:56:27.910 --> 02:56:28.570
.

02:56:28.570 --> 02:56:29.370
.

02:56:29.370 --> 02:56:29.750
.

02:56:29.750 --> 02:56:30.170
.

02:56:30.170 --> 02:56:31.610
.

02:56:31.610 --> 02:56:33.750
.

02:56:33.750 --> 02:56:33.790
.

02:56:37.690 --> 02:56:39.090
.

02:56:39.090 --> 02:56:39.710
.

02:56:39.710 --> 02:56:40.450
.

02:56:40.450 --> 02:56:41.010
.

02:56:41.010 --> 02:56:42.870
.

02:56:42.870 --> 02:56:42.890
.

02:56:42.890 --> 02:56:43.370
.

02:56:45.710 --> 02:56:46.670
.

02:56:46.670 --> 02:56:46.810
.

02:56:46.810 --> 02:56:48.070
.

02:56:54.230 --> 02:56:55.630
.

02:56:55.630 --> 02:56:55.650
.

02:56:55.650 --> 02:56:55.830
.

02:56:55.830 --> 02:56:57.030
.

02:56:59.270 --> 02:57:00.670
.

02:57:00.670 --> 02:57:01.270
.

02:57:01.270 --> 02:57:04.050
.

02:57:04.050 --> 02:57:05.790
.

02:57:09.570 --> 02:57:10.970
.

02:57:10.970 --> 02:57:11.590
.

02:57:11.590 --> 02:57:11.950
.

02:57:11.950 --> 02:57:13.770
.

02:57:16.950 --> 02:57:17.750
.

02:57:17.750 --> 02:57:20.510
.

02:57:20.510 --> 02:57:20.630
.

02:57:20.630 --> 02:57:21.030
.

02:57:21.030 --> 02:57:21.950
.

02:57:21.950 --> 02:57:22.310
.

02:57:22.310 --> 02:57:22.710
.

02:57:22.710 --> 02:57:22.970
.

02:57:22.970 --> 02:57:24.030
.

02:57:24.030 --> 02:57:24.390
.

02:57:24.390 --> 02:57:25.330
.

02:57:25.330 --> 02:57:26.090
.

02:57:29.170 --> 02:57:30.570
.

02:57:30.570 --> 02:57:30.770
.

02:57:30.770 --> 02:57:31.170
.

02:57:34.050 --> 02:57:35.450
.

02:57:35.450 --> 02:57:36.270
.

02:57:36.270 --> 02:57:36.630
.

02:57:36.630 --> 02:57:37.610
.

02:57:37.610 --> 02:57:38.050
.

02:57:39.790 --> 02:57:41.190
.

02:57:41.190 --> 02:57:43.130
.

02:57:46.730 --> 02:57:48.130
.

02:57:48.130 --> 02:57:48.370
.

02:57:48.370 --> 02:57:48.390
.

02:57:48.390 --> 02:57:49.830
.

02:57:49.830 --> 02:57:52.310
.

02:57:55.150 --> 02:57:56.550
.

02:57:56.550 --> 02:57:56.950
.

02:57:56.950 --> 02:57:56.970
.

02:57:56.970 --> 02:57:57.630
.

02:57:59.410 --> 02:58:00.750
.

02:58:00.750 --> 02:58:00.950
.

02:58:00.950 --> 02:58:01.630
.

02:58:01.630 --> 02:58:02.670
.

02:58:04.270 --> 02:58:05.670
.

02:58:05.670 --> 02:58:06.330
.

02:58:06.330 --> 02:58:07.350
.

02:58:07.350 --> 02:58:09.190
.

02:58:16.150 --> 02:58:17.550
.

02:58:17.550 --> 02:58:17.950
.

02:58:17.950 --> 02:58:18.690
.

02:58:18.690 --> 02:58:19.950
.

02:58:19.950 --> 02:58:20.250
.

02:58:23.330 --> 02:58:24.730
.

02:58:24.730 --> 02:58:25.350
.

02:58:25.350 --> 02:58:27.450
.

02:58:27.450 --> 02:58:28.530
.

02:58:28.530 --> 02:58:29.870
.

02:58:29.870 --> 02:58:31.690
.

02:58:31.690 --> 02:58:31.910
.

02:58:31.910 --> 02:58:31.930
.

02:58:31.930 --> 02:58:32.770
.

02:58:35.510 --> 02:58:36.910
.

02:58:36.910 --> 02:58:37.010
.

02:58:37.010 --> 02:58:39.610
.

02:58:39.610 --> 02:58:41.310
.

02:58:45.850 --> 02:58:47.250
.

02:58:47.250 --> 02:58:47.870
.

02:58:47.870 --> 02:58:48.270
.

02:58:50.850 --> 02:58:52.250
.

02:58:52.250 --> 02:58:53.290
.

02:58:53.290 --> 02:58:53.750
.

02:58:53.750 --> 02:58:54.030
.

02:58:54.030 --> 02:58:54.430
.

02:58:56.030 --> 02:58:56.890
.

02:58:56.890 --> 02:58:57.230
.

02:58:57.230 --> 02:58:58.830
.

02:58:58.830 --> 02:59:00.210
.

02:59:00.210 --> 02:59:00.550
.

02:59:02.270 --> 02:59:02.950
.

02:59:02.950 --> 02:59:03.050
.

02:59:03.050 --> 02:59:04.410
.

02:59:06.690 --> 02:59:08.090
.

02:59:08.090 --> 02:59:08.250
.

02:59:08.250 --> 02:59:10.130
.

02:59:13.250 --> 02:59:13.930
.

02:59:13.930 --> 02:59:15.970
.

02:59:15.970 --> 02:59:16.270
.

02:59:16.270 --> 02:59:16.750
.

02:59:16.750 --> 02:59:17.610
.

02:59:17.610 --> 02:59:18.450
.

02:59:18.450 --> 02:59:18.490
.

02:59:20.890 --> 02:59:22.290
.

02:59:22.290 --> 02:59:22.870
.

02:59:22.870 --> 02:59:23.710
.

02:59:23.710 --> 02:59:23.930
.

02:59:23.930 --> 02:59:24.810
.

02:59:24.810 --> 02:59:25.450
.

02:59:27.610 --> 02:59:28.890
.

02:59:28.890 --> 02:59:28.910
.

02:59:28.910 --> 02:59:29.910
.

02:59:32.690 --> 02:59:34.090
.

02:59:34.090 --> 02:59:34.110
.

02:59:36.930 --> 02:59:38.330
.

02:59:40.930 --> 02:59:42.330
.

02:59:42.330 --> 02:59:42.470
.

02:59:42.470 --> 02:59:42.610
.

02:59:42.610 --> 02:59:43.910
.

02:59:43.910 --> 02:59:44.310
.

02:59:45.970 --> 02:59:47.370
.

02:59:50.530 --> 02:59:50.570
.

03:00:17.250 --> 03:00:17.290
.

03:00:17.290 --> 03:00:17.310
.

03:00:17.310 --> 03:00:17.330
.

03:00:17.330 --> 03:00:17.350
.

03:00:17.350 --> 03:00:18.050
.

03:00:18.050 --> 03:00:20.750
.

03:00:20.750 --> 03:00:21.270
.

03:00:24.470 --> 03:00:25.870
.

03:00:25.870 --> 03:00:26.830
.

03:00:31.390 --> 03:00:32.790
.

03:00:32.790 --> 03:00:33.570
.

03:00:33.570 --> 03:00:33.630
.

03:00:33.630 --> 03:00:35.010
.

03:00:35.010 --> 03:00:36.030
.

03:00:36.030 --> 03:00:36.190
.

03:00:36.190 --> 03:00:38.530
.

03:00:45.690 --> 03:00:47.090
.

03:00:47.090 --> 03:00:47.110
.

03:00:47.110 --> 03:00:47.130
.

03:00:47.130 --> 03:00:48.430
.

03:00:48.430 --> 03:00:48.510
.

03:00:48.510 --> 03:00:48.530
.

03:00:51.030 --> 03:00:52.410
.

03:00:52.410 --> 03:00:52.890
.

03:00:52.890 --> 03:00:53.450
.

03:00:53.450 --> 03:00:54.230
.

03:00:55.670 --> 03:00:57.010
.

03:00:57.010 --> 03:00:58.230
.

03:00:58.230 --> 03:00:58.250
.

03:00:58.250 --> 03:00:59.650
.

03:00:59.650 --> 03:00:59.710
.

03:00:59.710 --> 03:01:02.490
.

03:01:02.490 --> 03:01:05.050
.

03:01:08.290 --> 03:01:09.050
.

03:01:09.050 --> 03:01:09.430
.

03:01:19.190 --> 03:01:19.950
.

03:01:19.950 --> 03:01:19.970
.

03:01:19.970 --> 03:01:19.990
.

03:01:19.990 --> 03:01:20.030
.

03:01:30.170 --> 03:01:31.570
.

03:01:31.570 --> 03:01:33.490
.

03:01:37.950 --> 03:01:39.350
.

03:01:39.350 --> 03:01:39.870
.

03:01:39.870 --> 03:01:39.910
.

03:01:39.910 --> 03:01:40.370
.

03:01:40.370 --> 03:01:41.130
.

03:01:41.130 --> 03:01:41.450
.

03:01:41.450 --> 03:01:41.770
.

03:01:41.770 --> 03:01:41.810
.

03:01:41.810 --> 03:01:42.330
.

03:01:42.330 --> 03:01:43.170
.

03:01:43.170 --> 03:01:44.170
.

03:01:44.170 --> 03:01:46.310
.

03:01:46.310 --> 03:01:47.330
.

03:01:47.330 --> 03:01:48.810
.

03:01:50.490 --> 03:01:50.730
.

03:01:50.730 --> 03:01:50.850
.

03:01:50.850 --> 03:01:50.890
.

03:01:50.890 --> 03:01:51.890
.

03:01:51.890 --> 03:01:53.190
.

03:01:53.190 --> 03:01:55.750
.

03:01:55.750 --> 03:01:55.830
.

03:01:55.830 --> 03:01:56.650
.

03:01:56.650 --> 03:01:57.230
.

03:01:57.230 --> 03:01:58.570
.

03:01:58.570 --> 03:01:59.390
.

03:01:59.390 --> 03:02:00.610
.

03:02:00.610 --> 03:02:01.430
.

03:02:01.430 --> 03:02:02.650
.

03:02:02.650 --> 03:02:05.190
.

03:02:05.190 --> 03:02:05.290
.

03:02:05.290 --> 03:02:07.950
.

03:02:07.950 --> 03:02:09.030
.

03:02:33.850 --> 03:02:35.250
.

03:02:35.250 --> 03:02:37.890
.

03:02:37.890 --> 03:02:37.910
.

03:02:37.910 --> 03:02:37.930
.

03:02:37.930 --> 03:02:38.130
.

03:02:38.130 --> 03:02:38.150
.

03:02:38.150 --> 03:02:39.970
.

03:02:39.970 --> 03:02:41.710
.

03:02:41.710 --> 03:02:43.110
.

03:02:43.110 --> 03:02:45.350
.

03:02:45.350 --> 03:02:45.790
.

03:02:45.790 --> 03:02:46.230
.

03:02:46.230 --> 03:02:46.670
.

03:02:46.670 --> 03:02:47.110
.

03:02:47.110 --> 03:02:47.390
.

03:02:49.010 --> 03:02:49.890
.

03:02:49.890 --> 03:02:51.510
.

03:02:59.890 --> 03:03:00.170
.

03:03:00.170 --> 03:03:00.190
.

03:03:00.190 --> 03:03:00.210
.

03:03:00.210 --> 03:03:00.830
.

03:03:00.830 --> 03:03:03.430
.

03:03:03.430 --> 03:03:04.170
.

03:03:04.170 --> 03:03:04.890
.

03:03:06.970 --> 03:03:08.030
.

03:03:08.030 --> 03:03:08.070
.

03:03:08.070 --> 03:03:08.410
.

03:03:08.410 --> 03:03:09.050
.

03:03:09.050 --> 03:03:09.630
.

03:03:09.630 --> 03:03:09.930
.

03:03:12.030 --> 03:03:13.250
.

03:03:13.250 --> 03:03:14.830
.

03:03:14.830 --> 03:03:14.850
.

03:03:16.290 --> 03:03:17.690
.

03:03:17.690 --> 03:03:17.910
.

03:03:17.910 --> 03:03:19.010
.

03:03:19.010 --> 03:03:19.770
.

03:03:19.770 --> 03:03:20.390
.

03:03:22.130 --> 03:03:23.530
.

03:03:23.530 --> 03:03:25.990
.

03:03:29.750 --> 03:03:31.150
.

03:03:31.150 --> 03:03:31.770
.

03:03:31.770 --> 03:03:32.710
.

03:03:34.610 --> 03:03:36.010
.

03:03:36.010 --> 03:03:36.150
.

03:03:36.150 --> 03:03:37.230
.

03:03:37.230 --> 03:03:38.130
.

03:03:40.410 --> 03:03:41.810
.

03:03:41.810 --> 03:03:41.970
.

03:03:44.490 --> 03:03:45.890
.

03:03:45.890 --> 03:03:46.390
.

03:03:46.390 --> 03:03:46.630
.

03:03:46.630 --> 03:03:47.270
.

03:03:47.270 --> 03:03:47.590
.

03:03:49.590 --> 03:03:50.790
.

03:03:50.790 --> 03:03:51.510
.

03:03:51.510 --> 03:03:51.750
.

03:03:51.750 --> 03:03:52.230
.

03:03:52.230 --> 03:03:52.670
.

03:03:52.670 --> 03:03:52.790
.

03:03:52.790 --> 03:03:53.310
.

03:03:53.310 --> 03:03:54.090
.

03:03:54.090 --> 03:03:55.090
.

03:03:57.130 --> 03:03:58.530
.

03:03:58.530 --> 03:03:58.850
.

03:03:58.850 --> 03:03:59.570
.

03:03:59.570 --> 03:04:00.390
.

03:04:00.390 --> 03:04:03.110
.

03:04:03.110 --> 03:04:04.270
.

03:04:04.270 --> 03:04:07.010
.

03:04:07.010 --> 03:04:07.990
.

03:04:09.750 --> 03:04:11.150
.

03:04:11.150 --> 03:04:11.370
.

03:04:13.330 --> 03:04:14.730
.

03:04:14.730 --> 03:04:15.290
.

03:04:15.290 --> 03:04:17.090
.

03:04:17.090 --> 03:04:18.870
.

03:04:18.870 --> 03:04:20.630
.

03:04:20.630 --> 03:04:21.690
.

03:04:21.690 --> 03:04:22.370
.

03:04:22.370 --> 03:04:24.170
.

03:04:24.170 --> 03:04:24.930
.

03:04:24.930 --> 03:04:25.930
.

03:04:25.930 --> 03:04:27.510
.

03:04:27.510 --> 03:04:30.030
.

03:04:30.030 --> 03:04:30.050
.

03:04:30.050 --> 03:04:30.470
.

03:04:33.910 --> 03:04:35.310
.

03:04:35.310 --> 03:04:35.670
.

03:04:35.670 --> 03:04:36.150
.

03:04:39.350 --> 03:04:40.130
.

03:04:40.130 --> 03:04:40.430
.

03:04:40.430 --> 03:04:40.630
.

03:04:42.370 --> 03:04:43.770
.

03:04:46.850 --> 03:04:48.250
.

03:04:48.250 --> 03:04:49.170
.

03:04:49.170 --> 03:04:49.890
.

03:04:49.890 --> 03:04:50.970
.

03:04:50.970 --> 03:04:52.110
.

03:04:52.110 --> 03:04:54.450
.

03:04:54.450 --> 03:04:54.590
.

03:04:56.890 --> 03:04:58.290
.

03:04:58.290 --> 03:04:59.250
.

03:04:59.250 --> 03:04:59.530
.

03:05:09.550 --> 03:05:10.110
.

03:05:10.110 --> 03:05:10.130
.

03:05:10.130 --> 03:05:10.150
.

03:05:10.150 --> 03:05:10.990
.

03:05:16.430 --> 03:05:17.830
.

03:05:17.830 --> 03:05:18.070
.

03:05:18.070 --> 03:05:19.330
.

03:05:19.330 --> 03:05:21.010
.

03:05:21.010 --> 03:05:22.530
.

03:05:24.130 --> 03:05:25.530
.

03:05:25.530 --> 03:05:26.410
.

03:05:26.410 --> 03:05:27.130
.

03:05:30.930 --> 03:05:32.330
.

03:05:32.330 --> 03:05:32.450
.

03:05:32.450 --> 03:05:33.070
.

03:05:33.070 --> 03:05:33.970
.

03:05:35.730 --> 03:05:37.130
.

03:05:37.130 --> 03:05:37.150
.

03:05:39.510 --> 03:05:40.910
.

03:05:40.910 --> 03:05:41.530
.

03:05:41.530 --> 03:05:44.210
.

03:05:44.210 --> 03:05:45.450
.

03:05:47.290 --> 03:05:48.690
.

03:05:48.690 --> 03:05:49.150
.

03:05:49.150 --> 03:05:50.930
.

03:05:50.930 --> 03:05:51.910
.

03:05:51.910 --> 03:05:52.350
.

03:05:52.350 --> 03:05:54.670
.

03:05:54.670 --> 03:05:56.030
.

03:06:01.830 --> 03:06:03.230
.

03:06:03.230 --> 03:06:04.590
.

03:06:10.350 --> 03:06:11.750
.

03:06:11.750 --> 03:06:13.130
.

03:06:14.530 --> 03:06:15.930
.

03:06:15.930 --> 03:06:16.490
.

03:06:18.950 --> 03:06:20.350
.

03:06:20.350 --> 03:06:20.830
.

03:06:20.830 --> 03:06:20.950
.

03:06:20.950 --> 03:06:21.250
.

03:06:23.990 --> 03:06:24.770
.

03:06:24.770 --> 03:06:26.030
.

03:06:26.030 --> 03:06:26.150
.

03:06:26.150 --> 03:06:27.030
.

03:06:27.030 --> 03:06:29.090
.

03:06:54.770 --> 03:06:54.790
.

03:06:55.970 --> 03:06:56.250
.

03:06:56.250 --> 03:06:56.370
.

03:06:56.370 --> 03:06:56.530
.