Extract unique IPs from live tcpdump capture

后端未结

关注

 3  831

礼貌的吻别 2021-02-10 16:47

I am using the following command to output IPs from live tcpdump capture

sudo tcpdump -nn -q ip -l | awk \'{print $3; fflush(stdout)}\' >> ips.txt
<

3条回答

礼貌的吻别 (楼主)

2021-02-10 17:30

This is a using match (working in macOs)

sudo tcpdump -nn -q ip -l | \
    awk '{match($3,/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/); \
    ip = substr($3,RSTART,RLENGTH); \
    if (!seen[ip]++) print ip }'

In case want to pre-filter the input you could use something like:

sudo tcpdump -nn -q ip -l | \
    awk '$3 !~ /^(192\.168|10\.|172\.1[6789]|172\.2[0-9]\.|172\.3[01]\.)/ \
    {match($3,/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/); \
    ip = substr($3,RSTART,RLENGTH); \
    if (!seen[ip]++) print ip }'

0 讨论(0)

查看其它3个回答