awk: how to exclude last several characters

ejinh · 08-17-2010, 10:26 PM

Guys, Good Day.

any tips from you guys on how to filter my awk output?
I want to exclude last 5 characters using awk in my tcpdump result.

ex.
192.168.34.12.443:

I don't want to include ".443:" in my tcpdump using awk.

Thanks a ton.

druuna · 08-18-2010, 01:13 AM

Hi,

Must this be done with awk?

A sed solution:

echo "192.168.34.12.443:" | sed 's/\.443://'

or, if the last characters can be any other port:

echo "192.168.34.12.10245:" | sed 's/\.[1-9][0-9]*://'

Hope this helps.

ghostdog74 · 08-18-2010, 01:23 AM

his tcpdump output is more than that. This is the other thread

druuna · 08-18-2010, 01:35 AM

Hi,

@ghostdog74: Too little information by the OP _and_ cross-posting. Don't you just love it when people waste our time

ejinh · 08-18-2010, 02:54 AM

Hi guys, thanks for the response. Sorry for asking and giving you a little info.

What I want is I have this PF running under OpenBSD for the reason to block "UltraSurf", "Your-Freedom", "FreeGate" etc. I was able to block those proxies running under port 443 and I'm using this TCPDUMP to capture if what are those IP's he's digging. My aim here is to capture those IP addresses and automatically will be added to my blacklist.

To capture those IP addresses, I'm using this command "tcpdump -n -q -t -i pflog0 port 443" and it will give me this results:

192.168.77.201.4103 > 61.227.121.97.443: tcp 0 (DF)
192.168.77.201.4104 > 61.227.121.97.443: tcp 0 (DF)
192.168.77.201.4106 > 218.171.71.96.443: tcp 0 (DF)
192.168.77.201.4107 > 114.40.18.243.443: tcp 0 (DF)
192.168.77.201.4108 > 114.40.18.243.443: tcp 0 (DF)
192.168.77.201.4109 > 220.129.163.81.443: tcp 0 (DF)
192.168.77.201.4113 > 118.160.37.170.443: tcp 0 (DF)
192.168.77.201.4116 > 219.85.97.70.443: tcp 0 (DF)
192.168.77.201.4117 > 114.27.242.77.443: tcp 0 (DF)
192.168.77.201.4118 > 114.27.242.77.443: tcp 0 (DF)

With that result I just want only to get those IP address and put it inside my "blacklistip" file automatically.

Hope this helps.

Thanks a lot guys.

druuna · 08-18-2010, 03:10 AM

Hi,

I do believe this was already answered by ghostdog74 in your other thread (post #10).

ejinh · 08-18-2010, 03:19 AM

Hello Guys. Good Day.

Thanks a lot for helping me with this. And thanks as well for giving me some info on how to use SED.