Recent content by Cybex1

You can use "lsb_release -a" to determine what linux distro you have, but it is a bit verbose. lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 6.0.6 (squeeze) Release: 6.0.6 Codename: squeeze Use "lsb_release -s -c" to get just the codename...

Thanks LKBrwnDBA, I was able to get to that point as well but the problem is that the output does not show the IP related to the geoip return. So I am not able to correlate 123.23.43.125 to Germany. All I see in the output is Germany and then if I want to know which IP was the one that points...

I am trying to keep this to a one-liner... How can I take the IP addresses as the are looping through and push them into another command? I have this part already. netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}' I...

I have a script I found that I am trying to adapt to read the ASCII characters of a file and convert them all to decimal. The script works but I can not tell the values apart once they are printed. I.E: 101961245175 but I need: 101:96:12:45:175 I don't care what the separator value is I just...

Disregard, I figured it out... I was apparently sleep deprived (that's my story) and completely screwed up the syntax. In order to search for the returned IP addresses you must search using the hexadecimal representation or that IP address. I.e.: "202.190.87.182" would be "ca be 57 b6". The...

Well either use the one-liner I showed you or create a new file called "awkscript.sh", chmod it to make it executable, paste this as the first line "#!/bin/bash", put your five individual scripts below it and save the file. Then you can run the script like this "./awkscript.sh" and it will run...

Your sample output doesn't match your stated requirements. By your own sample data, your output for all "NOK" in the second field should be: AND NOK AND NOK MAD NOK MAD NOK MAD NOK So, if this is truly the out put you desire... root@linux:~# cat sort.txt | awk '$2 == "NOK"' AND NOK AND NOK...

I am trying to search through raw pcap files for IP addresses that are returned in the DNS lookup process. The IP addresses in question are not the SRC or DST they are the IP addreses of the domain name that was looked up. The IP is stored in the response content, as such: Wireshark summary...

Do you need each of the output files or are they just holding the values while you proceed to the next step? If not, this is each of your awk's concatenated: ls -ltr --full-time -p | awk '{print $9, $6, $7}'|awk '{if ($1 ~/\//) {print} else {} }' |awk 'BEGIN {FS= "." } 1==1 {print $1}'|awk...

With the SED stuff I came up with this... for i in `ls /media/KINGSTON/test*.pcap`; do awk -F"\t" '{print $5}' </media/KINGSTON/attrib.txt | xargs -I % ngrep -W single -qltttiI -q % -I $i; done | sed -e 's/ -> / /g' -e 's/.[0-9][0-9][0-9][0-9][0-9][0-9]//g' -e 's/U //g' -e 's/\.\.\.\.\.//g' -e...

Well crap.... Ok, one part of my script was giving me what I told it to but that wasn't what I wanted...[sad] This is the only code that currently works: for i in `ls /media/KINGSTON/test*.pcap`; do awk -F"\t" '{print $5}' </media/KINGSTON/attrib.txt | xargs -I % ngrep -W single -qltttiI -q %...

LKBrwnDBA, Thanks! That was helpful but I am still having issues... I searched the forum and did find some previous posts that were close but not close enough to solve my issue. I needed run ngrep against some pcap files for domain names contained in a text file. The pcap files are...

Guess I should state that the pcap is filtered for UDP port 53, DNS traffic only.

I needed run ngrep against some pcap files for domain names contained in a text file. I was able to accomplish this with the following; for i in `ls *.pcap`; do <domains.txt xargs -I % ngrep -t -i -W single -q % -I $i >>output.txt; done However, it turns out the requirements were not explained...

Lack of sleep appears to be taking it's toll... I am attempting to enumerate the computers on the domain, loop through them to see if they have a specific registry KEY(not a value), and then document if the key was or was not there and if the computer was offline and not checked. The ping...