Unable to exclude IPv4 addresses using regex in grep

I used a regex to grep and output only IPv4 addresses from the file content.
But when I try to use the same regex to exclude all IPv4 addresses, it just does not work.
File content:
# cat IPs
172.16.1.125
172.16.1.4
172.16.1.143
172.16.1.140
172.16.1.77
/dev/nvme101
/dev/sda1
/dev/sdb2
172.16.1.60
172.16.1.146
172.16.1.5
172.16.1.51
172.16.1.99
172.16.1.10
172.16.1.189
To grep only IPv4 addresses:
# grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" IPs
172.16.1.125
172.16.1.4
172.16.1.143
172.16.1.140
172.16.1.77
172.16.1.60
172.16.1.146
172.16.1.5
172.16.1.51
172.16.1.99
172.16.1.10
172.16.1.189
When I try to exclude the IPv4 addresses using the same regex:
# grep -voE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" IPs
#
No output at all.
I was expecting the following output:
/dev/nvme101
/dev/sda1
/dev/sdb2

Get rid of the -o. The -o flag says to only show what was matched rather than the entire line. That doesn't make sense when using -v for lines that do NOT match.
In ack, if you try to use -o and -v together, it throws an error.
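The fix above as an added example, not part of the original answer: -v without -o, run on a constructed list modelled on the question's file. It goes one step further with a strict 0-255 octet pattern and -x, since the question's regex also accepts strings such as 999.16.1.300; all function and variable names are hypothetical.

```shell
#!/bin/sh
# Constructed sample input, modelled on the question's file.
sample_list() {
  printf '%s\n' 172.16.1.125 /dev/nvme101 172.16.1.4 /dev/sda1 \
    999.16.1.300 'eth0 172.16.1.77 up'
}

# The question's pattern: any 1-3 digit groups, so 999.16.1.300 also matches.
LOOSE='\b([0-9]{1,3}\.){3}[0-9]{1,3}\b'

# Strict pattern: each octet limited to 0-255.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
STRICT="${OCTET}(\.${OCTET}){3}"

# Lines that contain nothing the loose pattern matches.
# -v selects non-matching lines; -o is dropped because there is no
# "matched part" to print for a line that did not match.
non_ip_lines() { grep -vE "$LOOSE"; }

# Lines that consist of exactly one valid IPv4 address (-x = whole line).
strict_ip_lines() { grep -xE "$STRICT"; }

# Everything else: device paths, out-of-range values, lines with extra text.
not_strict_ip_lines() { grep -vxE "$STRICT"; }

sample_list | non_ip_lines
```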

Related

Get bytes count using iptables when having a Docker host

When I want to count the number of bytes going out of a Linux system through a particular port, I can use iptables, adding a specific rule that can be checked whenever I need.
For instance, let's imagine that I need to know how many bytes go out through port 22. I can add the following rule:
iptables -A OUTPUT -p tcp --sport 22
And when I need to know the answer to my question, I run:
iptables -L -nvx
Or if I need just the bytes:
iptables -L -nvx | grep :22 | awk '{ print $2 }'
My problem is that if that system is running Docker, the iptables are changed as explained here and I can't get the desired effect (if I repeat the process above I always get 0 bytes even knowing that there was traffic on that port).
Can someone please explain how I can obtain the same byte count in this case?

regex start of line anchor alternative

I have "file.txt" with the following and I need to get only IP addresses that start a line.
I am using GNU utilities for Windows and grep seems to be not behaving incorrectly.
Random Text Here
ABC 10.0.0.0 - 10.20.0.255
IP Ping Hostname
100.5.0.20 11ms N/S
GNU grep 2.5.4
grep -Po ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} file.txt
10.0.0.0
10.20.0.255
100.5.0.20
Correct behavior should only allow 100.5.0.20 since I specified the start line anchor.
Any other Linux command solutions?
I ended up improvising,
grep -oP "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]{1,3} " file.txt| awk "{$1=$1};1" > file.txt
This will grab the IP addresses with 2 spaces, and then remove the spaces with awk.

How can I extract the IP addresses from .cap file?

I have a fwcapture.cap file, which is used by Wireshark.
In it, there are many IP addresses, source IPs and destination IPs.
How can I extract the unique IP addresses (no matter source or destination) as a list?
You can use tshark, which is already in the Wireshark installation.
tshark -T json -e 'ip.src' -e 'ip.dst' -r filename.pcap | grep '\.[0-9]' | sort -u

How can I use xargs to recursively parse email addresses out of text/html files?

I tried recursively parsing email addresses from a directory of text/html files with xargs and grep but this command keeps including the path (I just want the email addresses in my resulting emails.csv file).
find . -type f | xargs grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" >> ~/emails.csv
Can you explain what's wrong with my grep command? I don't need this to be sorted or unique. I want to match all occurrences of email addresses in files. I need to use xargs cause I'm parsing emails in 20 GB worth of text files.
Thanks.
When you tell grep to search in more than one file, it prepends the corresponding filename to the search result. Try the following to see the effect...
First, search in a single file:
grep local /etc/hosts
# localhost is used to configure the loopback interface
127.0.0.1 localhost
Now search in two files:
grep local /etc/hosts /dev/null
/etc/hosts:# localhost is used to configure the loopback interface
/etc/hosts:127.0.0.1 localhost
To suppress the filename in which the match was found, add the -h switch to grep like this
grep -h <something> <somewhere>
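The -h fix applied to the question's pipeline, as an added example that is not part of the original answer. It builds a constructed directory tree, uses the question's pattern with `@` as the separator, and passes file names NUL-delimited (find -print0 / xargs -0) so paths containing spaces survive; the function names are hypothetical.

```shell
#!/bin/sh
# Build a constructed demo tree; prints the temp directory path.
make_demo_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/sub dir"
  printf 'Contact: alice@example.com\n' > "$dir/a.txt"
  printf '<a href="mailto:bob@example.org">bob</a> carol@example.net\n' \
    > "$dir/sub dir/page one.html"
  printf '%s\n' "$dir"
}

# The question's pattern (\b is a GNU grep extension).
EMAIL_RE='\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b'

# As in the question: xargs hands grep several files at once,
# so every match is printed as "path:match".
extract_with_paths() {
  find "$1" -type f -print0 | xargs -0 grep -E -o "$EMAIL_RE"
}

# With -h the file name prefix is suppressed. This also keeps the output
# uniform when xargs happens to run grep on a single file in its last batch,
# where grep would print no prefix anyway.
extract_emails() {
  find "$1" -type f -print0 | xargs -0 grep -h -E -o "$EMAIL_RE"
}

demo_dir=$(make_demo_tree)
extract_emails "$demo_dir"
rm -rf "$demo_dir"
```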

Nmap and grepping of its results

Folks, I would like to do reverse DNS resolution using nmap where the output will be like below
IP address resolved name
How do I go about it using grep? Thanks
This should do:
nmap 8.8.8.8 | awk '/report/ {split($NF,a,"[()]");print a[2],$5}'
8.8.8.8 google-public-dns-a.google.com
The option to do reverse name resolution in Nmap (without also doing a port scan or host discovery) is -sL. Nmap also has a machine-readable output format called Grepable output, using the -oG option.
Your question asks for a solution using grep, but extracting portions of output lines is not grep's strong suit. For this, you can use awk instead:
nmap -sL 192.0.2.0/24 -oG - | awk '/^Host/{print $2, $3}'
This will have the output in this format:
64.13.134.52 (scanme.nmap.org)
If you want to remove the parentheses, you can pipe the output through tr:
nmap -sL 192.0.2.0/24 -oG - | awk '/^Host/{print $2, $3}' | tr -d '()'
