├── README.txt
└── ipextract

/README.txt:
--------------------------------------------------------------------------------
1 | Introduction
2 | ------------
3 | These are a couple of shell tools to extract useful TCP/IP-related information:
4 | ipextract : extracts IP addresses from stdin
5 | ipextractnet : extracts IP addresses with netmask from stdin
6 | ipextracttcp : extracts tcp port (of form 123/tcp) from stdin
7 | ipextractudp : extracts udp port (of form 123/udp) from stdin
8 | ipextractsctp : extracts sctp port (of form 123/sctp) from stdin
9 | ipextractfqdn : extracts FQDN (and IP addresses) from stdin
10 |
11 |
12 | Usage
13 | -----
14 | Use by sourcing it from your shell:
15 |
16 | . ipextract
17 |
18 | Real world
19 | ----------
20 | Then run some of the scripts:
21 |
22 | $ ipextract < /etc/hosts
23 | 127.0.0.1
24 | 255.255.255.255
25 | $
26 |
27 | Some examples of real use:
28 | ipextractfqdn < /var/log/snort/alert | sort -u
29 | dmesg | ipextractudp
30 | netstat -an | ipextractplusport
31 | ifconfig | ipextract6
32 |
33 | Automate usage:
34 | ---------------
35 | Add it to your bashrc (or other RC file) for automatic inclusion,
36 | e.g.:
37 | echo '. 
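# (listing) README.txt example, continued from the line above:
#     ~/bin/ipextract/ipextract' >> .bashrc
# (listing) file: /ipextract
#!/bin/sh
#
# ipextract - stdin filters that pull network indicators out of free text.
#
# Source this file (". ipextract"); every function below reads stdin and
# prints each match on its own line (grep -o).
#
# Caveats when the output feeds blocklists, alerting or other triage:
#   * No pattern is anchored to a token boundary, so a match can be a
#     fragment of a longer token ("999.1.1.1" yields "99.1.1.1").
#     Validate extracted values before acting on them.
#   * Port and prefix-length digits are not range-checked.
#
# All functions call "grep -o -E": ipextract6 already used grep -E, and the
# egrep spelling is deprecated in current GNU grep.

# Matches: 192.168.0.1
# Each octet is restricted to 0-255.
# (The listing defined this function twice with the same body; one copy is kept.)
ipextract ()
{
    grep -o -E '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
}

# Matches: 192.168.0.1
# Looser variant: any four groups of 1-3 digits, so out-of-range values such
# as 999.999.999.999 are printed too.
ipextractlegacy ()
{
    grep -o -E '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}'
}

# Matches: fe80::7ed1:c3ff:feec:dee1
# Also covers "::"-compressed forms, fe80 link-local addresses with a %zone
# suffix, and IPv4-mapped/embedded forms such as ::ffff:192.168.0.1.
# The dots of the embedded IPv4 part are escaped; the unescaped "." used
# before matched any character, so "::ffff:1x2y3z4" was reported as an address.
ipextract6 ()
{
    grep -o -E '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
}

# Matches: 127.0.0.1.1023
# netstat style: IPv4 address, a dot, then the port digits. The
# "address:port" form is not matched.
ipextractplusport ()
{
    grep -o -E '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.[[:digit:]]+'
}

# Matches: 192.168.0.0/24
# The prefix length is any run of digits (e.g. /99 is printed as well).
ipextractnet ()
{
    grep -o -E '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)/[[:digit:]]+'
}

# Matches: 80/tcp
ipextracttcp ()
{
    grep -o -E '[[:digit:]]+/tcp'
}

# Matches: 53/udp
ipextractudp ()
{
    grep -o -E '[[:digit:]]+/udp'
}

# Matches: 2905/sctp
ipextractsctp ()
{
    grep -o -E '[[:digit:]]+/sctp'
}

# Matches: www.eff.org
# The bracket expression is written [a-zA-Z0-9.-]. Inside a POSIX bracket
# expression a backslash is an ordinary character, so the former "\-\."
# admitted "\" and, read as a range, left "-" out: foo-bar.example.com was
# printed as bar.example.com.
# A bare dotted-quad is not matched, because the last label must be letters.
ipextractfqdn ()
{
    grep -o -E '[a-zA-Z0-9]+[a-zA-Z0-9.-]*\.[a-zA-Z]{2,}'
}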