AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Bash grep ip address11/21/2023 The first column is usually an IP address in most access log files. The port number is a simple two-byte hexadecimal number. The IP address is displayed as a little-endian four-byte hexadecimal number that is, the least significant byte is listed first, so youll need to reverse the order of the bytes to convert it to an IP address. Let’s look at how we can use the awk command to extract all the IP addresses from the sample.log file: $ awk 'match($0, /(25|2|?)\.(25|2|?)\.(25|2|?)/) ' sample.log The local IP address and port number for the socket. Moreover, we can define an action to perform whenever a match is found. It lets us write small but effective programs as statements that define text patterns to search for. The awk command is a Linux utility to manipulate data and generate reports based on the data. We’re passing the -c option to the uniq command to get the total count of individual IP addresses. It also filters the list so it’ll only print unique IP addresses and their respective counts: $ grep -Eo '(25|2|?)\.(25|2|?)\.(25|2|?)\.(25|2|?)' sample.log | uniq -c | sort This counts and sorts the records in ascending order. We can push things further and pipe the results to the uniq and sort commands. We’re using the -E option to interpret the patterns as extended regular expressions (EREs) and the -o option to trim the results and only print the matched part. This regular expression is more strict since it only matches IP addresses that have a value equal to or less than 255 in each of its four parts. In the next sections, we’ll explore different methods for extracting IP addresses from this file. NET CLR )" "-"ħ3.166.162.225 - "GET /apache-log/access.log HTTP/1.1" 200 1299 "-" "Mozilla/5.0 (Windows NT 10.0 Win64 圆4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/.101 Safari/537.36" "-"Įach line above represents different entries in this format: IP-ADDRESS - REQUEST & REQUEST-INFORMATION CIDR/10, (A) single large network, (24-bit, 16M) address range at 100.64+x.y.z/10, where x in.CIDR/16, (C) 256 contiguous networks (16-bit, 64K) address range at .z/16.CIDR/12, (B) 16 contiguous networks (20-bit, 1M) address range at 172.16+x.y.z/12, where x in.CIDR/8, (A) single large network, (24-bit, 16M) address range at 10.x.y.z/8.There are three 'private' network address ranges defined by RFC-1918. A bitmask for the 172.16.0.0/12 CIDR can be formed from a single left-shift, and checked against an address with a single bitwise-and. The IPv4 dotted decimal address can be stored into a 32-bit unsigned integer, and bitwise operations are efficiently performed by network hardware. (extract wlan0: inet .y address from ifconfig output) Search for pattern inet 192 in ifconfig output and get the 10th position using space delimiter. IPv4 was created at a time when 32-bit systems were prevalent. This code works for me on raspberry pi zero w.
0 Comments
Read More
Leave a Reply. |