The physical interface is more interesting, as we’ll show below: inet6: The IP version 6 address, scope, valid_lft, and preferred_lft.This should never be larger than the valid_lft value. For an IP version 4 IP address allocated by DHCP, this is the amount of time the IP address can be used with no restrictions. For an IP version 4 IP address allocated by Dynamic Host Configuration Protocol (DHCP), this is the length of time the IP address is considered valid and able to make and accept connection requests. lo: The interface with which this IP address is associated.This IP address is only valid inside the computer (the “host”). Eight bits set to one represents 255 in binary, so the subnet mask is 255.0.0.0. The part of the address after the forward-slash ( /) is Classless Inter-Domain Routing notation (CIDR) representing the subnet mask. It indicates how many leading contiguous bits are set to one in the subnet mask. The value of eight means eight bits. link/loopback: The media access control (MAC) address of the interface.qlen 1000: The maximum length of the transmission queue.The default is to place them all in a group called “default.” group default: Interfaces can be grouped logically.state UNKNOWN: This can be DOWN (the network interface is not operational), UNKNOWN (the network interface is operational but nothing is connected), or UP (the network is operational and there is a connection).The noqueue discipline means “send instantly, don’t queue.” This is the default qdisc discipline for virtual devices, such as the loopback address. There are different queuing techniques called disciplines. It schedules the transmission of packets. qdisc noqueue: A qdisc is a queuing mechanism.This is the size of the largest chunk of data this interface can transmit. The physical networking layer (layer one) is also up. lo: The network interface name as a string.6.Let’s break down all the information we received: The first column is usually an IP address in most access log files. Let’s look at how we can use the awk command to extract all the IP addresses from the sample.log file: $ awk 'match($0, /(25|2|?)\.(25|2|?)\.(25|2|?)/) ' sample.log Moreover, we can define an action to perform whenever a match is found. It lets us write small but effective programs as statements that define text patterns to search for. The awk command is a Linux utility to manipulate data and generate reports based on the data. We’re passing the -c option to the uniq command to get the total count of individual IP addresses. It also filters the list so it’ll only print unique IP addresses and their respective counts: $ grep -Eo '(25|2|?)\.(25|2|?)\.(25|2|?)\.(25|2|?)' sample.log | uniq -c | sort This counts and sorts the records in ascending order. We can push things further and pipe the results to the uniq and sort commands. We’re using the -E option to interpret the patterns as extended regular expressions (EREs) and the -o option to trim the results and only print the matched part. This regular expression is more strict since it only matches IP addresses that have a value equal to or less than 255 in each of its four parts. In the next sections, we’ll explore different methods for extracting IP addresses from this file. NET CLR )" "-"ħ3.166.162.225 - "GET /apache-log/access.log HTTP/1.1" 200 1299 "-" "Mozilla/5.0 (Windows NT 10.0 Win64 圆4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/.101 Safari/537.36" "-"Įach line above represents different entries in this format: IP-ADDRESS - REQUEST
0 Comments
Leave a Reply. |