berkay

Reputation: 3967

Extracting IP addresses with at least 3 conversations in a *nix environment

As seen in the picture, we have a list of IP addresses (please note that 128.3.* and 131.243.* are inside our subnet). We prefer to do it in Perl; any other good ideas are more than welcome in a *nix environment.

The picture is formatted as:

Destination IP(sorted)- Dest_Port - Source IP- Source_Port

A space is used as the separator.

We were doing it manually, but now we have huge files and want to automate this procedure.

The problem is we need to get the destination IP addresses (not in our subnet, i.e. not 128.3.* and 131.243.*) which communicated with at least 3 different (source) IP addresses inside our subnet (128.3.* and 131.243.*).


As an example, 117.72.15.207 (not a subnet IP) communicates with at least 3 different source addresses that are in our subnet (131.243.92.10, 131.243.92.117 and 131.243.92.191). Please note that it communicates with 131.243.92.117 more than once with different source port addresses, so it will count only one source address in the output. I put a star to specify the condition. We need the list of IP pairs which meet this condition:

59.69.194.12 80 131.243.93.74 4492
59.79.35.247 80 131.243.94.123 1307
59.100.23.87 80 131.243.92.72 45577
*117.72.15.207 80 *131.243.92.10 451 
*117.72.15.207 80 *131.243.92.117 21071
117.72.15.207 80 131.243.92.117 21072
117.72.15.207 80 131.243.92.117 21073
*117.72.15.207 80 *131.243.92.191 9248

The output will be:

117.72.15.207 80 131.243.92.10 451 
117.72.15.207 80 131.243.92.117 21071
117.72.15.207 80 131.243.92.191 9248

Please comment if something is unclear. Thanks...

Upvotes: 2

Views: 250

Answers (1)

dalton

Reputation: 3696

#!/usr/bin/env perl

use strict;
use warnings;

# %ip_lookup{destination}{source} holds the first line seen for that pair,
# so repeated connections from the same source (different ports) count once.
my %ip_lookup;
while (<DATA>) {
    # Fields: destination IP, destination port, source IP, source port
    my ($dest_ip, $dest_port, $source_ip, $source_port) = split /\s+/, $_;
    $ip_lookup{$dest_ip}{$source_ip} = $_ unless $ip_lookup{$dest_ip}{$source_ip};
}

# Print the stored lines for every destination with at least 3 distinct sources
for my $dest_ip (keys %ip_lookup) {
    if (scalar(keys %{$ip_lookup{$dest_ip}}) >= 3) {
        print $_ for sort values %{$ip_lookup{$dest_ip}};
    }
}

__DATA__
59.69.194.12 80 131.243.93.74 4492
59.79.35.247 80 131.243.94.123 1307
59.100.23.87 80 131.243.92.72 45577
117.72.15.207 80 131.243.92.10 451 
117.72.15.207 80 131.243.92.117 21071
117.72.15.207 80 131.243.92.117 21072
117.72.15.207 80 131.243.92.117 21073
117.72.15.207 80 131.243.92.191 9248

There are a few ways to do this in Perl, but the sample I've posted above is simple to explain.

First it's reading each line of the file in (I'm using the DATA handle, but it'll work the same with a file), then splitting the line to get the different IP, port combinations.

Then it populates a multi-level hash unless this destination - source IP combination has been seen before (the differing ports point you made).

Finally it sorts and loops through, checking if 3 or more source IP entries have been made for each destination IP, printing out the line if this is true.

This results in the output:

117.72.15.207 80 131.243.92.10 451 
117.72.15.207 80 131.243.92.117 21071
117.72.15.207 80 131.243.92.191 9248

which is what you required.

Upvotes: 1
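Since the question also invited other *nix approaches, here is an added example (not code from the question or the answer above) that does the same grouping with an awk pipeline and additionally applies the subnet condition the question states: only destinations outside 128.3.* / 131.243.* are reported, and only sources inside that subnet are counted. The sample input is constructed here, mirroring the question's rows plus a few extra rows to exercise the edge cases (a destination with only two internal peers, an internal-to-internal row, and a source outside the subnet). The threshold is a parameter, so it generalises beyond the "at least 3" case in the question.

```shell
#!/bin/sh
# Added example: awk/sort-free pipeline for "external destinations contacted by
# at least N distinct internal sources". Not part of the original post.

# Constructed sample input (same layout as the question: dst dst_port src src_port).
# Extra rows: 131.243.1.1 is an internal destination (ignored), 203.0.113.9 has
# only two internal sources plus one external source 10.0.0.7 (must not count).
SAMPLE='59.69.194.12 80 131.243.93.74 4492
59.79.35.247 80 131.243.94.123 1307
59.100.23.87 80 131.243.92.72 45577
117.72.15.207 80 131.243.92.10 451
117.72.15.207 80 131.243.92.117 21071
117.72.15.207 80 131.243.92.117 21072
117.72.15.207 80 131.243.92.117 21073
117.72.15.207 80 131.243.92.191 9248
131.243.1.1 22 131.243.92.10 50000
203.0.113.9 443 128.3.10.5 40001
203.0.113.9 443 128.3.10.6 40002
203.0.113.9 443 10.0.0.7 40003'

# external_peers [MIN]: reads rows on stdin, prints the first line seen for each
# (destination, source) pair whose destination is outside the subnet, whose
# source is inside it, and whose destination has >= MIN distinct internal sources.
# Input order is preserved; repeated pairs with different ports count once.
external_peers() {
  min="${1:-3}"
  awk -v min="$min" '
    # Our subnet as stated in the question: 128.3.* and 131.243.*
    function internal(ip) { return ip ~ /^(128\.3|131\.243)\./ }
    NF >= 4 {
      dst = $1; src = $3
      if (internal(dst) || !internal(src)) next   # keep outside <- inside rows only
      key = dst SUBSEP src
      if (key in line) next                       # same pair, different port: skip
      line[key] = $0
      order[++n] = key                            # remember first-seen order
      count[dst]++                                # distinct internal sources per dst
    }
    END {
      for (i = 1; i <= n; i++) {
        split(order[i], parts, SUBSEP)
        if (count[parts[1]] >= min) print line[order[i]]
      }
    }'
}

# Usage on a real file: external_peers 3 < capture.txt
# Here we run it on the constructed sample.
printf '%s\n' "$SAMPLE" | external_peers 3
```

With the threshold at 3 only 117.72.15.207 qualifies, giving the three lines the question expects; lowering it to 2 also reports 203.0.113.9 with its two internal sources while still dropping the row from 10.0.0.7, which shows why the source-side subnet check matters when counting peers.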
