# UTF-8 Byte Order Marker; see http://unicode.org/faq/utf_bom.html
# bulk_extractor-Version: 1.3b7 ($Rev: 10075 $)
# Filename: drives/nps-2009-ubnist1/ubnist1.gen3.raw
# Feature-Recorder: ether
# Feature-File-Version: 1.1
88992424-GZIP-2957	00:80:98:24:15:6D	\x0Asdptool browse 00:80:98:24:15:6D\x0A.PP \x0Asdptool br
86227489-GZIP-38227	00:50:BF:25:68:F3	      0x2       00:50:BF:25:68:F3   *      eth0\x0A1
86227489-GZIP-38294	00:00:00:00:00:00	      0xc       00:00:00:00:00:00   *      eth0\x0A.
86558996-GZIP-838	08:00:20:00:61:CA	 EXAMPLES \x5C"{{{\x0A08:00:20:00:61:CA  pal\x0A.\x5C"}}}\x0A.SH
323000448-GZIP-2291	88:99:AA:BB:CC:DD	\x0A  with address 88:99:AA:BB:CC:DD it would search
323000448-GZIP-2897	88:99:AA:BB:CC:DD	AC\x0A  address is 88:99:AA:BB:CC:DD and the IP addr
323000448-GZIP-12542	58:FA:84:CF:55:0E	net address was\x0A58:FA:84:CF:55:0E, this would loo
323033231-GZIP-23539	88:99:AA:BB:CC:DD	type 1) address 88:99:AA:BB:CC:DD\x0A\x09  would query 
320212138-GZIP-12099	00:10:83:34:BA:E5	thernet  HWaddr 00:10:83:34:BA:E5  \x0A[...]\x0A-------
320212138-GZIP-26716	00:30:B4:64:27:8B	ard\x0Aprism0\x09\x09mac 00:30:B4:64:27:8B\x0Aprism1\x09\x09mac 00:
320212138-GZIP-26746	00:30:B4:64:27:8D	:8B\x0Aprism1\x09\x09mac 00:30:B4:64:27:8D\x0A---------------
735269592-GZIP-28149	ff:ff:ff:ff:ff:ff	stype=any bssid=ff:ff:ff:ff:ff:ff \x5C\x0A\x09\x09scantype=ac
735269592-GZIP-68608-GZIP-55906	00:50:51:52:53:54	p2Authenticated=00:50:51:52:53:54,00:60:61:62:63:
735269592-GZIP-68608-GZIP-55924	00:60:61:62:63:64	:50:51:52:53:54,00:60:61:62:63:64,00:70:71:72:73:
735269592-GZIP-68608-GZIP-55942	00:70:71:72:73:74	:60:61:62:63:64,00:70:71:72:73:74\x0A     > "meta->m
722304142-GZIP-3456324	00:00:00:00:00:00	ite\x00udp\x00udplite\x0000:00:00:00:00:00\x00Freeing alive i
735379302-GZIP-5120-GZIP-55906	00:50:51:52:53:54	p2Authenticated=00:50:51:52:53:54,00:60:61:62:63:
735379302-GZIP-5120-GZIP-55924	00:60:61:62:63:64	:50:51:52:53:54,00:60:61:62:63:64,00:70:71:72:73:
735379302-GZIP-5120-GZIP-55942	00:70:71:72:73:74	:60:61:62:63:64,00:70:71:72:73:74\x0A     > "meta->m
713841152-GZIP-9665232	00:00:00:00:00:00	ill be reset to 00:00:00:00:00:00, which is inval
713841152-GZIP-10358552	ff:ff:ff:ff:ff:ff	alid input\x0A\x00%s\x0A\x00ff:ff:ff:ff:ff:ff\x00%d.%d.%d.%d\x0A\x00%d
879453406	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 28 13:11:40
879557146	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 28 13:11:40
879694224	00:0d:56:08:e2:af	ing on LPF/eth0/00:0d:56:08:e2:af\x0ADec 28 13:11:51
879694297	00:0d:56:08:e2:af	g on   LPF/eth0/00:0d:56:08:e2:af\x0ADec 28 13:11:51
890349307	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 28 21:07:13
890385570	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 28 21:07:13
890619422	00:0d:56:08:e2:af	ing on LPF/eth0/00:0d:56:08:e2:af\x0ADec 28 21:07:23
890619495	00:0d:56:08:e2:af	g on   LPF/eth0/00:0d:56:08:e2:af\x0ADec 28 21:07:23
901815442	00:0d:56:08:e2:af	ing on LPF/eth0/00:0d:56:08:e2:af\x0AJan  6 19:00:37
901815515	00:0d:56:08:e2:af	g on   LPF/eth0/00:0d:56:08:e2:af\x0AJan  6 19:00:37
901874973	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0AJan  6 19:00:27
901876434	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0AJan  6 19:00:27
904595968-GZIP-21839	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0A[    4.272590] 
901474218	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 29 21:32:09
901505368	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 29 21:32:09
901532128	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 29 21:32:09
901589843	00:0d:56:08:e2:af	ing on LPF/eth0/00:0d:56:08:e2:af\x0ADec 29 21:32:20
901589916	00:0d:56:08:e2:af	g on   LPF/eth0/00:0d:56:08:e2:af\x0ADec 29 21:32:20
901709643	00:0d:56:08:e2:af	ing on LPF/eth0/00:0d:56:08:e2:af\x0ADec 29 21:32:20
901709716	00:0d:56:08:e2:af	g on   LPF/eth0/00:0d:56:08:e2:af\x0ADec 29 21:32:20
901719432	00:0d:56:08:e2:af	ing on LPF/eth0/00:0d:56:08:e2:af\x0ADec 30 20:21:29
901719505	00:0d:56:08:e2:af	g on   LPF/eth0/00:0d:56:08:e2:af\x0ADec 30 20:21:29
901767248	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 30 20:21:19
901770073	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 30 20:21:19
969706929	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0A[    4.146894] 
975953841	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0A[    4.272594] 
946534912-GZIP-36479	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0ADec 30 20:21:19
946534912-GZIP-54437	00:0d:56:08:e2:af	ing on LPF/eth0/00:0d:56:08:e2:af\x0ADec 30 20:21:29
946534912-GZIP-54510	00:0d:56:08:e2:af	g on   LPF/eth0/00:0d:56:08:e2:af\x0ADec 30 20:21:29
996961375	00:0d:56:08:e2:af	0BaseT Ethernet 00:0d:56:08:e2:af\x0AJan  6 19:00:27
996982792	00:0d:56:08:e2:af	ing on LPF/eth0/00:0d:56:08:e2:af\x0AJan  6 19:00:37
996982865	00:0d:56:08:e2:af	g on   LPF/eth0/00:0d:56:08:e2:af\x0AJan  6 19:00:37
1156246339	00:0d:56:08:e2:af	ATTR{address}=="00:0d:56:08:e2:af", ATTR{type}=="