{ "metadata": { "name": "02-parsing_memdumps_ipaddress" }, "nbformat": 3, "nbformat_minor": 0, "worksheets": [ { "cells": [ { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "Demo POC for scraping memory dumps of IP Addresses\n" ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "How to extract data out of a Memory Dump" ] }, { "cell_type": "code", "collapsed": false, "input": [ "import time\n", "import struct\n", "import hashlib\n", " \n", "\"\"\"\n", "Demo POC for scraping memory dumps of IP Addresses\n", "\"\"\"\n", "\n", "filename = \"/root/Desktop/mem/devmem\"" ], "language": "python", "metadata": {}, "outputs": [], "prompt_number": 7 }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ " ." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ " ." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "Open a file in a variable memory_dump" ] }, { "cell_type": "code", "collapsed": false, "input": [ "memory_dump = open(filename, \"rb\")" ], "language": "python", "metadata": {}, "outputs": [], "prompt_number": 3 }, { "cell_type": "code", "collapsed": false, "input": [ "memory_dump" ], "language": "python", "metadata": {}, "outputs": [ { "output_type": "pyout", "prompt_number": 4, "text": [ "" ] } ], "prompt_number": 4 }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "Here I build a byte reader data structure to buffer reads 18 bytes at a time" ] }, { "cell_type": "code", "collapsed": false, "input": [ "def byte_reader(memory_dump, number_bytes):\n", " '''\n", " Read the bytes\n", " '''\n", " byte = memory_dump.read(number_bytes)\n", " return byte\n" ], "language": "python", "metadata": {}, "outputs": [], "prompt_number": 5 }, { "cell_type": "code", "collapsed": false, "input": [ "byte_reader(memory_dump, 18)" ], "language": "python", "metadata": {}, "outputs": [ { "output_type": "pyout", "prompt_number": 7, "text": [ "'\\xc0\\xa8\\nd\\xc0\\xa8\\x01e#*#+\\x00\\x01\\x01\\x0c\\x00\\x01'" ] } ], "prompt_number": 7 }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "This function reads and byte and creates and MD5" ] }, { "cell_type": "code", "collapsed": false, "input": [ "def hashing_byte_reader(memory_dump, number_bytes):\n", " '''\n", " Read the bytes and return MD5\n", " '''\n", " byte = memory_dump.read(number_bytes)\n", " m = hashlib.md5()\n", " m.update(byte)\n", " hash_byte = m.hexdigest()\n", " return byte, hash_byte" ], "language": "python", "metadata": {}, "outputs": [], "prompt_number": 8 }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "POC rolling 18 byte block fuzzy hashing tool implemented in python" ] }, { "cell_type": "code", "collapsed": false, "input": [ "fd = open(filename, \"rb\")\n", "i=0\n", "for element in range (0,56):\n", " buffer = hashing_byte_reader(fd, 18)\n", " print buffer" ], "language": "python", "metadata": {}, "outputs": [ { "output_type": "stream", "stream": "stdout", "text": [ "('\\xc0\\xa8\\nd\\xc0\\xa8\\x01e#*#+\\x00\\x01\\x01\\x0c\\x00\\x01', 'fdd3769ca113ee81510281333c8bc549')\n", "('\\xc0\\xa8\\nf\\xcf\\xa8\\x01g#,#-\\x00\\x01\\x01\\x0c\\x00\\x01', '70b643c90fcf8a2c4e8d6bf6d46a9642')\n", "('\\xc0\\xa8\\nh\\xc0\\xa8\\x01i#+#*\\x00\\x01\\x01\\x0c\\x00\\x03', 'e739435c645ba163beb272e82f5a52b0')\n", "('\\xc0\\xa8\\np\\xc0\\xa8\\x01q#.#+\\x00\\x01\\x01\\x0c\\x00\\x04', '6c1d41af2727e0ef7b633bd8469f233d')\n", "('\\xc0\\xa8\\nJ\\xc0\\xa8\\x01K#/#*\\x00\\x01\\x01\\x0c\\x00\\x05', '718f5bbf61d64bcb61ddaaa006571b28')\n", "('\\xc0\\xa8\\nt\\xc0\\xa8\\x01u$*$+\\x00\\x01\\x01\\x0c\\x00\\x06', '107f6ace8e4d418a3942f21d558368cb')\n", "('\\xc0\\xa8\\nL\\xc0\\xa8\\x01N$,#*\\x00\\x01\\x01\\x0c\\x00\\x07', '92f68010aa801dd43a6bc27e7a0dd4b5')\n", "('\\xc0\\xa8\\nO\\xc0\\xa8\\n\\x01\\xc0\\xa8\\x01\\x0b#.#\\x01\\x00\\x01', 'a6cd885c87a2b793112e98f612858453')\n", "('\\x01\\x0c\\x00\\x08\\xc0\\xa8\\n\\x0c\\xc0\\xa8\\x01\\x0b$*$+\\x00\\x01', '3c74a4f8c3db9398bef708871c547a04')\n", "('\\x01\\x0c\\x00\\x08\\xc0\\xa8\\x01\\x0b\\xc0\\xa8\\n\\x0e\\xc0\\xa8\\x01\\x0c#\\x02', 'ca27c09c328c8a6edac8d1dab4d187db')\n", "('\\x12\\x03\\x00\\x01\\x01\\xc0\\x00\\t\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0', '5fdbe40e63ba9ea6874b9166bad7a57c')\n", "('\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xcc\\x0c\\x00\\xa0\\xa0\\xa0\\xa0\\xa0\\xaa\\n', '4fcf85e7b4e12c936eb930c79f045152')\n", "('\\n\\n\\n\\n\\n\\n\\n\\xef\\xea\\xea\\xea\\n\\n\\n\\n\\n\\n\\n', '12d9dea47c13479417fed59ed3384ac8')\n", "('\\n\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b\\x0b', 'c3e4a48a6a7455c2c7bfd8b29c7055db')\n", "('\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xce\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', '22f8457ff3163aed49fcccfd66e81526')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'ec4d9bcf6cff57d39cf43de74b93ddbb')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'ec4d9bcf6cff57d39cf43de74b93ddbb')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'ec4d9bcf6cff57d39cf43de74b93ddbb')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xf0\\xfe', 'e7e7a808f2871367b77a6029d5d7c9f8')\n", "('\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe', '1a8660345a2ad0a49244ac21a33af1e3')\n", "('\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe', '1a8660345a2ad0a49244ac21a33af1e3')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'ec4d9bcf6cff57d39cf43de74b93ddbb')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'ec4d9bcf6cff57d39cf43de74b93ddbb')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xef\\xff\\xef\\xff\\xef', '86a471fba5624999ed16516f1d186139')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'ec4d9bcf6cff57d39cf43de74b93ddbb')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', '93c8feb7d47900420020902f68d9aae0')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xf0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0', 'a65f344538bf1d207959bc96e90ccdf4')\n", "('\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xcc\\x0c\\x0c\\x0c\\n\\n\\n\\n', 'b0446aeaf0a6c4ab3fe5df19b9919639')\n", "('\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n', '1bb607118047afc5c385b82385dd931f')\n", "('\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n', '1bb607118047afc5c385b82385dd931f')\n", "('\\n\\n\\n\\xa0\\xa0\\xa0\\xa0\\xa0\\xa0\\xa0\\xa0\\xa0\\xa0\\xfe\\xfe\\xfe\\xfe\\xfe', 'a253bc3fc4aabf93106858f8739d3c80')\n", "('\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xff\\xef\\xef\\xef\\xef\\xe0\\xb0\\xb0\\xb0\\xb0\\xb0', '54f5e6d4c8f158531111c70d60458bc4')\n", "('\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0', '36e0b8dccc3198963b2eadd6053a537a')\n", "('\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xb0\\xee\\xee\\xee\\xee\\xee', 'a2c68edcee2ba5af9bea6126bc6c335b')\n", "('\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xef\\xef\\xef\\xef', 'b25e544364a5f78cb6adaa551fd5fc2f')\n", "('\\xef\\xef\\xef\\xef\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee', '44e34967802909cb105324352755f096')\n", "('\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xc0\\xc0\\xce\\xc0\\xc0\\xc0\\xc0\\xcc\\x0c\\x0c', 'd0ee5eed3727fb6a40058b2ec8e5c529')\n", "('\\x0c\\x0c\\x0c\\xc0\\xc0\\xc0\\xc0\\xc0\\xc0\\xcc\\x00\\xa0\\xa0\\xa0\\xa0\\xaa\\n\\n', '46a316e62b0d348a77da6949d0ece527')\n", "('\\n\\n\\n\\n\\n\\n\\x0f\\xe0\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe', '05207832a2d90490bef66f0895434cc6')\n", "('\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xc0\\x08\\xfe\\xfe', '7626507cc644f90d322ec330695af7ac')\n", "('\\xfe\\xfe\\xef\\xef\\xef\\xef\\xef\\xef\\xef\\xef\\xef\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'b1b87d6c6696927932cc53825e923fed')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'ec4d9bcf6cff57d39cf43de74b93ddbb')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'ec4d9bcf6cff57d39cf43de74b93ddbb')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff', 'ec4d9bcf6cff57d39cf43de74b93ddbb')\n", "('\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xfa\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n', '30ecbfc769b61ae9ca66b81643121497')\n", "('\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n', '1bb607118047afc5c385b82385dd931f')\n", "('\\n\\n\\n\\n\\n\\n\\n\\xa0\\n\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe', 'b1c58b17538ac11d6295b1b613f1198c')\n", "('\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xf0\\xf0\\xee\\xee\\xee\\xee', '1bce2ec1da1ca4b9cd57356a1ae5168f')\n", "('\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee', '711dead971bcec1bd723848024a7aac2')\n", "('\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee', '711dead971bcec1bd723848024a7aac2')\n", "('\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee\\xee', '711dead971bcec1bd723848024a7aac2')\n", "('\\xee\\xee\\xee\\xee\\xee\\xef\\xee\\xfe\\xff\\xef\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe', 'ff14b17b764acbe4e2f8e5aea8c6faa7')\n", "('\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe', '1a8660345a2ad0a49244ac21a33af1e3')\n", "('\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\xff\\xef\\xef\\xef\\xef\\xee\\xfe\\xfe\\xfe\\xfe\\xfe', 'a0c2f2a05fcf3370c040dedd285c4df3')\n", "('\\xfe\\xfe\\xfe\\xfe\\xfe\\xfe\\x00\\x01\\x01\\x0c\\x00.\\x0c\\x00\\x01\\t\\x00\\xa9', 'a1877bef53b7863b323688db50912e11')\n", "('\\xc0\\xab\\x01d\\xc0\\xab\\x02f\\x00\\x01#%#$\\x01\\x0c\\x00\\x01', 'f69dd7a40c4e04c44926d4753d315cda')\n" ] } ], "prompt_number": 10 }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "." ] }, { "cell_type": "heading", "level": 2, "metadata": {}, "source": [ "Demo to parse the mem file with 10 of 56 records each of length 18 " ] }, { "cell_type": "code", "collapsed": false, "input": [ "fd = open(filename, \"rb\")" ], "language": "python", "metadata": {}, "outputs": [], "prompt_number": 6 }, { "cell_type": "code", "collapsed": false, "input": [ "i = 0" ], "language": "python", "metadata": {}, "outputs": [], "prompt_number": 7 }, { "cell_type": "code", "collapsed": false, "input": [ "'''\n", "Demo to parse the mem file with 10 of 56 records each of length 18 \n", "'''\n", "\n", "for element in range (0,10):\n", " buffer = byte_reader(fd, 18)\n", " \n", " print 100*\"*\"\n", " print i\n", " sourceAddress = struct.unpack_from('B', buffer,0),\\\n", " struct.unpack_from('B', buffer,1),\\\n", " struct.unpack_from('B', buffer,2),\\\n", " struct.unpack_from('B', buffer,3)\n", " print \"Reading Source IP Address\"\n", " time.sleep(0.5)\n", " \n", " destinationAddress = struct.unpack_from('B', buffer,4),\\\n", " struct.unpack_from('B', buffer,5),\\\n", " struct.unpack_from('B', buffer,6),\\\n", " struct.unpack_from('B', buffer,7)\n", " print \"Reading Destination IP Address\"\n", " time.sleep(0.5)\n", " \n", " sourcePort = struct.unpack_from('H',buffer,8)\n", " \n", " destinationPort = struct.unpack_from('H',buffer,10)\n", " \n", " protocolUsed = struct.unpack_from('H',buffer,12)\n", " \n", " timeStamp = struct.unpack_from('B', buffer,14),\\\n", " struct.unpack_from('B', buffer,15),\\\n", " struct.unpack_from('B', buffer,16),\\\n", " struct.unpack_from('B', buffer,17)\n", " \n", " a,b,c,d = sourceAddress\n", " e,f,g,h = destinationAddress\n", " j = sourcePort\n", " k = destinationPort\n", " \n", " print \"sourceAddress = \", \".\".join([str(a[0]),str(b[0]),str(c[0]),str(d[0])])\n", " print \"destinationAddress = \", \".\".join([str(e[0]),str(f[0]),str(g[0]),str(h[0])])\n", " print \"sourcePort = \", j[0]\n", " print \"destinationPort = \", k[0]\n", " print \"protocolUsed = \", protocolUsed\n", " print \"timeStamp = \", timeStamp\n", " time.sleep(2)\n", " i=i+1" ], "language": "python", "metadata": {}, "outputs": [ { "output_type": "stream", "stream": "stdout", "text": [ "****************************************************************************************************\n", "0\n", "sourceAddress = 192.168.10.100\n", "destinationAddress = 192.168.1.101\n", "sourcePort = 10787\n", "destinationPort = 11043\n", "protocolUsed = (256,)\n", "timeStamp = ((1,), (12,), (0,), (1,))\n", "****************************************************************************************************" ] }, { "output_type": "stream", "stream": "stdout", "text": [ "\n", "1\n", "sourceAddress = 192.168.10.102\n", "destinationAddress = 207.168.1.103\n", "sourcePort = 11299\n", "destinationPort = 11555\n", "protocolUsed = (256,)\n", "timeStamp = ((1,), (12,), (0,), (1,))\n", "****************************************************************************************************" ] }, { "output_type": "stream", "stream": "stdout", "text": [ "\n", "2\n", "sourceAddress = 192.168.10.104\n", "destinationAddress = 192.168.1.105\n", "sourcePort = 11043\n", "destinationPort = 10787\n", "protocolUsed = (256,)\n", "timeStamp = ((1,), (12,), (0,), (3,))\n", "****************************************************************************************************" ] }, { "output_type": "stream", "stream": "stdout", "text": [ "\n", "3\n", "sourceAddress = 192.168.10.112\n", "destinationAddress = 192.168.1.113\n", "sourcePort = 11811\n", "destinationPort = 11043\n", "protocolUsed = (256,)\n", "timeStamp = ((1,), (12,), (0,), (4,))\n", "****************************************************************************************************" ] }, { "output_type": "stream", "stream": "stdout", "text": [ "\n", "4\n", "sourceAddress = 192.168.10.74\n", "destinationAddress = 192.168.1.75\n", "sourcePort = 12067\n", "destinationPort = 10787\n", "protocolUsed = (256,)\n", "timeStamp = ((1,), (12,), (0,), (5,))\n", "****************************************************************************************************" ] }, { "output_type": "stream", "stream": "stdout", "text": [ "\n", "5\n", "sourceAddress = 192.168.10.116\n", "destinationAddress = 192.168.1.117\n", "sourcePort = 10788\n", "destinationPort = 11044\n", "protocolUsed = (256,)\n", "timeStamp = ((1,), (12,), (0,), (6,))\n", "****************************************************************************************************" ] }, { "output_type": "stream", "stream": "stdout", "text": [ "\n", "6\n", "sourceAddress = 192.168.10.76\n", "destinationAddress = 192.168.1.78\n", "sourcePort = 11300\n", "destinationPort = 10787\n", "protocolUsed = (256,)\n", "timeStamp = ((1,), (12,), (0,), (7,))\n", "****************************************************************************************************" ] }, { "output_type": "stream", "stream": "stdout", "text": [ "\n", "7\n", "sourceAddress = 192.168.10.79\n", "destinationAddress = 192.168.10.1\n", "sourcePort = 43200\n", "destinationPort = 2817\n", "protocolUsed = (11811,)\n", "timeStamp = ((35,), (1,), (0,), (1,))\n", "****************************************************************************************************" ] }, { "output_type": "stream", "stream": "stdout", "text": [ "\n", "8\n", "sourceAddress = 1.12.0.8\n", "destinationAddress = 192.168.10.12\n", "sourcePort = 43200\n", "destinationPort = 2817\n", "protocolUsed = (10788,)\n", "timeStamp = ((36,), (43,), (0,), (1,))\n", "****************************************************************************************************" ] }, { "output_type": "stream", "stream": "stdout", "text": [ "\n", "9\n", "sourceAddress = 1.12.0.8\n", "destinationAddress = 192.168.1.11\n", "sourcePort = 43200\n", "destinationPort = 3594\n", "protocolUsed = (43200,)\n", "timeStamp = ((1,), (12,), (35,), (2,))\n" ] } ], "prompt_number": 8 } ], "metadata": {} } ] }