  • Thanks for this solution. It works quite well, although it is very strict, as you say. I just tested it on a tcpdump excerpt and it couldn't make out any IP address in a line containing block in on vtnet0: 213.109.234.47.19888 > 213.109.163.124.23. Is there possibly a modification that is able to read that format? Commented Feb 22, 2020 at 11:45
  • I've updated to a version which should handle the host.port thing (Which aren't actually valid ipv4 or ipv6 addresses). But this is less robust than simply tokenizing words of [a-zA-Z0-9_:.]+ and applying inet_pton to them. Commented Feb 23, 2020 at 11:20
  • Anyways, this was one of the xyest xy-questions ;-) You should've started with telling that's a tcpdump output, not an arbitrary file. It's unlikely that those addresses need any validation, something simple like awk '/ > /{print$10; print $12}' file | sed 's/\.[^.]*$//' could've done. Commented Feb 23, 2020 at 11:36
  • I’ve not led with that because the tcpdump file is just an extreme example. I was looking for a general solution, not super-specific to one use case. If it were just those logs, writing even a regex would be quite straight-forward. Commented Feb 23, 2020 at 11:39
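The approach mentioned in the comments (tokenize words of `[a-zA-Z0-9_:.]+` and apply `inet_pton` to each) can be sketched as follows. This is an added example, not code from any participant in the thread; the function names are hypothetical, the fallback that strips a trailing numeric `.port` is an assumed heuristic for tcpdump's `host.port` notation, and every sample line except the first is constructed.

```python
import re
import socket

# Word characters that can appear in an IPv4/IPv6 literal or a host.port pair.
TOKEN = re.compile(r"[A-Za-z0-9_:.]+")

def is_ip(s):
    """True if s is a strict IPv4 or IPv6 literal according to inet_pton."""
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, s)
            return True
        except OSError:
            pass
    return False

def candidates(token):
    """Yield forms of the token to validate, strictest first."""
    yield token                         # as written, e.g. "fe80::"
    trimmed = token.rstrip(".:")        # sentence or field punctuation
    yield trimmed
    host, dot, port = trimmed.rpartition(".")
    if dot and port.isdigit() and int(port) <= 65535:
        yield host                      # tcpdump host.port (assumed heuristic)

def extract_ips(text):
    """Return validated addresses in order of appearance."""
    found = []
    for token in TOKEN.findall(text):
        for cand in candidates(token):
            if cand and is_ip(cand):
                found.append(cand)
                break
    return found

# First line is the tcpdump excerpt quoted in the comments; the rest are constructed.
SAMPLE = """\
block in on vtnet0: 213.109.234.47.19888 > 213.109.163.124.23
pass in on vtnet0: 2001:db8::1.443 > 2001:db8::2.51234
12:34:56.789 version 1.2.3 from 999.1.1.1 and 10.0.0.1.
"""

if __name__ == "__main__":
    print("\n".join(extract_ips(SAMPLE)))
```

The port-stripping fallback is where strictness is lost: a dotted string with five numeric components, such as a version number, is reported as an address plus port.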