LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   awk: how to exclude last several characters (http://www.linuxquestions.org/questions/linux-general-1/awk-how-to-exclude-last-several-characters-826899/)

ejinh 08-17-2010 10:26 PM

awk: how to exclude last several characters
 
Guys, Good Day.

any tips from you guys on how to filter my awk output?
I want to exclude last 5 characters using awk in my tcpdump result.

ex.
192.168.34.12.443:

I don't want to include ".443:" in my tcpdump using awk.

Thanks a ton.

druuna 08-18-2010 01:13 AM

Hi,

Must this be done with awk?

A sed solution:

echo "192.168.34.12.443:" | sed 's/\.443://'

or, if the last characters can be any other port:

echo "192.168.34.12.10245:" | sed 's/\.[1-9][0-9]*://'

Hope this helps.

ghostdog74 08-18-2010 01:23 AM

his tcpdump output is more than that. This is the other thread

druuna 08-18-2010 01:35 AM

Hi,

@ghostdog74: Too little information by the OP _and_ cross-posting. Don't you just love it when people waste our time :)

ejinh 08-18-2010 02:54 AM

Hi guys, thanks for the response. Sorry for asking and giving you a little info.

What I want is I have this PF running under OpenBSD for the reason to block "UltraSurf", "Your-Freedom", "FreeGate" etc. I was able to block those proxies running under port 443 and I'm using this TCPDUMP to capture if what are those IP's he's digging. My aim here is to capture those IP addresses and automatically will be added to my blacklist.

To capture those IP addresses, I'm using this command "tcpdump -n -q -t -i pflog0 port 443" and it will give me this results:

192.168.77.201.4103 > 61.227.121.97.443: tcp 0 (DF)
192.168.77.201.4104 > 61.227.121.97.443: tcp 0 (DF)
192.168.77.201.4106 > 218.171.71.96.443: tcp 0 (DF)
192.168.77.201.4107 > 114.40.18.243.443: tcp 0 (DF)
192.168.77.201.4108 > 114.40.18.243.443: tcp 0 (DF)
192.168.77.201.4109 > 220.129.163.81.443: tcp 0 (DF)
192.168.77.201.4113 > 118.160.37.170.443: tcp 0 (DF)
192.168.77.201.4116 > 219.85.97.70.443: tcp 0 (DF)
192.168.77.201.4117 > 114.27.242.77.443: tcp 0 (DF)
192.168.77.201.4118 > 114.27.242.77.443: tcp 0 (DF)


With that result I just want only to get those IP address and put it inside my "blacklistip" file automatically.

Hope this helps.

Thanks a lot guys.

druuna 08-18-2010 03:10 AM

Hi,

I do believe this was already answered by ghostdog74 in your other thread (post #10).

ejinh 08-18-2010 03:19 AM

Hello Guys. Good Day.

Thanks a lot for helping me with this. And thanks as well for giving me some info on how to use SED.


All times are GMT -5. The time now is 07:29 PM.