tcpdump strip ip address from text line

A nice way to strip info from your tcpdump:

tcpdump -i em2 -nn -s 0 <filter> | awk '{print $3}' |
awk -F"[ .]" '{print $1"."$2"."$3"."$4}'

blue (the tcpdump command): capture traffic on the second network card.

green (the first awk): print column 3 (the source IP address, with the port attached).

red (the second awk): strip the port number from the column.

Can you figure out what this one does:

tcpdump -i em2 -nn -s 0 -c 10000 | awk '{print $3}' |
awk -F"[ .]" '{print $1"."$2"."$3"."$4}' | grep 10.10.3.45 | wc -c
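
An added example (not from the original post): the same source-address extraction written as shell functions that also cope with the lines the one-liner mangles, namely IPv6 packets and non-IP lines such as ARP, and that count an address by exact match rather than substring. The function names and the sample lines are constructed for illustration, and default `tcpdump -nn` text output is assumed.

```shell
#!/bin/sh
# Added example: names and sample data are constructed, not from the post.

# Constructed `tcpdump -nn` text lines (no real capture involved).
sample_lines() {
cat <<'EOF'
12:00:00.000001 IP 10.10.3.45.51234 > 10.10.3.1.443: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP 10.10.3.45 > 10.10.3.1: ICMP echo request, id 1, seq 1, length 64
12:00:00.000003 IP6 2001:db8::45.51235 > 2001:db8::1.443: Flags [S], seq 2, win 64800, length 0
12:00:00.000004 ARP, Request who-has 10.10.3.1 tell 10.10.3.45, length 28
12:00:00.000005 IP 110.10.3.45.40000 > 10.10.3.1.9999: UDP, length 30
12:00:00.000006 IP 10.10.3.45.51236 > 10.10.3.1.80: Flags [S], seq 3, win 64240, length 0
EOF
}

# Read tcpdump text on stdin, print one source address per IP/IP6 packet.
src_ips() {
  awk '
    # IPv4: first four dot-separated parts; a fifth part, if any, is the port.
    $2 == "IP" && split($3, p, ".") >= 4 {
      print p[1] "." p[2] "." p[3] "." p[4]; next
    }
    # IPv6: the port, when present, follows the last dot.
    $2 == "IP6" { a = $3; sub(/\.[0-9]+$/, "", a); print a }
    # Anything else (ARP, STP, ...) has no source IP in column 3: skip it.
  '
}

# Count packets whose source is exactly $1 (whole-line match, so
# 110.10.3.45 is not counted as 10.10.3.45).
count_src() {
  src_ips | awk -v ip="$1" '$0 == ip { n++ } END { print n + 0 }'
}

# Packets per source address, busiest first.
top_sources() {
  src_ips | sort | uniq -c | sort -rn
}

sample_lines | top_sources
```

On a live interface the functions take the capture on stdin, for example `tcpdump -i em2 -nn -s 0 -c 10000 | count_src 10.10.3.45`.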

 

 
