I wanted to extract the IP from a tcpdump command's output.

```
tcpdump -nei eth0 and src 10.10.10.1
```

Sample output of the above command. As the output was very big, I have posted it at the link below.

https://pastebin.pl/view/3b6ab16d

Commands I tried:

```
tcpdump -nei eth0 and src 10.10.10.1 | grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"

tcpdump -nei eth0 and src 10.10.10.1 | awk '{sub(/^.*> /, "", $0); sub(/:.*$/,"", $0); sub(/\.[^\.][^\.]*$/,"",$0); print $0}'
```

I wanted the output to be like:

```
140.345.12.45
140.345.12.45
140.345.12.45
140.345.12.45
140.345.12.45
140.345.12.45
```

Only the IP address. Someone please help me. T.I.A.

Am3Y
  • Use GNU grep: `tcpdump -nei eth0 and src 10.10.10.1 | grep -Po '> \K([^:]+)(?=\.[^:]+:)'` – jxc Oct 07 '20 at 21:17
  • Pipe it to: `grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'` – user3439894 Oct 07 '20 at 23:58
  • I tried both, no output :( – Am3Y Oct 08 '20 at 00:50
  • @Am3Y instead of pastebin, better paste a few lines directly into the question. If there's too much, please try to reduce it and create a minimal sample that reproduces your problem. – rethab Oct 08 '20 at 06:42
  • @rethab I tried to reduce it but I thought a big output can help & will be very much clear how can we extract it :) – Am3Y Oct 08 '20 at 10:11

1 Answer

Based on your shown samples, could you please try the following. Tested and written at https://ideone.com/ocWd19

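```
awk '
# Match "> " followed by a dotted IPv4 address (needs an awk with {n} interval support)
match($0,/> ([0-9]+\.){3}[0-9]+/){
  # Skip the leading "> " and print only the address
  print substr($0,RSTART+2,RLENGTH-2)
}' Input_file
```
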
RavinderSingh13
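
An added example (not part of the answer above or of any poster's code): a POSIX shell function that takes the destination IPv4 address from `tcpdump -ne` lines by field position rather than with a regex interval. It goes beyond the question's case by also handling port-less lines such as ICMP and by skipping the MAC-to-MAC `>` that `-e` prints. The names `dst_ips` and `sample_capture` and the three capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: print the destination IPv4 address of each line of
# `tcpdump -ne` text read on stdin. dst_ips and sample_capture are
# hypothetical names; the capture lines below are constructed samples.

dst_ips() {
    awk '
    {
        for (i = 2; i < NF; i++) {
            if ($i != ">") continue
            # With -e the first ">" sits between two MAC addresses; skip it
            # unless the token to its left starts with a dotted IPv4 address.
            if ($(i-1) !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) continue
            dst = $(i+1)
            sub(/:$/, "", dst)                # colon that ends the address
            if (dst !~ /^[0-9.]+$/) continue  # with -n only digits and dots remain
            n = split(dst, part, ".")
            if (n < 4) continue
            # n == 5 is addr.port (TCP/UDP); n == 4 has no port (ICMP).
            print part[1] "." part[2] "." part[3] "." part[4]
            break
        }
    }'
}

# Constructed sample in the layout tcpdump -ne prints: TCP, ICMP, ARP.
sample_capture() {
cat <<'EOF'
12:00:00.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: 10.10.10.1.443 > 192.0.2.10.51234: Flags [S.], seq 1, ack 2, win 65535, length 0
12:00:00.000002 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 98: 10.10.10.1 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
12:00:00.000003 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.10.10.2 tell 10.10.10.1, length 28
EOF
}

# Offline run on the sample; the ARP line yields nothing.
sample_capture | dst_ips
```

For a live capture, add tcpdump's `-l` flag so stdout is line-buffered and each line reaches the pipe as it is captured.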