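I need help getting a substring from a file. I have two variables, the source IP address and the destination IP address. I need to find the lines in the file that contain both IPs and get the port of the source address.

This is the input file: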

15:29:18.164566 IP (tos 0x0, ttl 1, id 2394, offset 0, flags [none], proto UDP (17), length 125)
    10.0.0.155.58363 > 239.255.255.254.1900: UDP, length 97
    0x0000:  4600 0024 0000 0000 0102 3ad3 0a00 0000  F..$......:.....
    0x0010:  e000 0001 9404 0000 1101 ebfe 0000 0000  ................
    0x0020:  0300 0000 0000 0000 0000 0000 0000       ..............
15:29:18.164566 IP (tos 0x0, ttl 128, id 2394, offset 0, flags [none], proto UDP (17), length 125)
    10.0.0.131.58363 > 239.255.255.250.1900: UDP, length 97
    0x0000:  4600 0024 0000 0000 0102 3ad3 0a00 0000  F..$......:.....
    0x0010:  e000 0001 9404 0000 1101 ebfe 0000 0000  ................
 15:29:18.164566 IP (tos 0x0, ttl 1, id 2394, offset 0, flags [none], proto UDP (17), length 125)
    10.0.0.155.58363 > 239.255.255.254.1900: UDP, length 97
    0x0000:  4600 0024 0000 0000 0102 3ad3 0a00 0000  F..$......:.....
    0x0010:  e000 0001 9404 0000 1101 ebfe 0000 0000  ................
    0x0020:  0300 0000 0000 0000 0000 0000 0000       ..............
15:29:18.164566 IP (tos 0x0, ttl 128, id 2394, offset 0, flags [none], proto UDP (17), length 125)
    10.0.0.131.58363 > 239.255.255.250.1900: UDP, length 97
    0x0000:  4600 0024 0000 0000 0102 3ad3 0a00 0000  F..$......:.....
    0x0010:  e000 0001 9404 0000 1101 ebfe 0000 0000  ................
    0x0020:  0300 0000 0000 0000 0000 0000 0000       ..............
   0x0020:  0300 0000 0000 0000 0000 0000 0000       ..............
15:29:18.164566 IP (tos 0x0, ttl 128, id 2394, offset 0, flags [none], proto UDP (17), length 125)
    10.0.0.155.80 > 239.255.255.250.1900: UDP, length 97
    0x0000:  4600 0024 0000 0000 0102 3ad3 0a00 0000  F..$......:.....
    0x0010:  e000 0001 9404 0000 1101 ebfe 0000 0000  ................
    0x0020:  0300 0000 0000 0000 0000 0000 0000       ..............
   0x0020:  0300 0000 0000 0000 0000 0000 0000       ..............

The two variables:

ips=10.0.0.155

ipd=239.255.255.254

The output must be:

58363   

This is the port of the source IP address, 10.0.0.155.58363

2 Answers

Using grep with lookarounds:

$ ips=10.0.0.155

$ ipd=239.255.255.254

$ grep -Po "(?<=$ips\.)\d+(?= > $ipd)" file
58363
58363

The file has duplicate lines, so pipe to uniq

$ grep -Po "(?<=$ips\.)\d+(?= > $ipd)" file | uniq
58363

Or use sed with a capture group

$ sed -n '/'"$ipd"'/s/.*'"$ips"'\.\([0-9]\+\).*/\1/p' file
58363
58363

$ sed -n '/'"$ipd"'/s/.*'"$ips"'\.\([0-9]\+\).*/\1/p' file | uniq
58363

Or in awk

$ awk -v s=$ips -v d=$ipd '$1~s && $3~d {sub(/.*\./,"",$1);print $1}' file
58363
58363

$ awk -v s=$ips -v d=$ipd '$1~s&&$3~d&&!u[$0]++{sub(/.*\./,"",$1);print $1}' file
58363
answered 2013-01-17T15:04:09.970

Hope this helps. You can replace the IPs with your variables.

[spatel@mg0008 ~]$ grep 10.0.0.155.58363 /tmp/outputfile.txt
    10.0.0.155.58363 > 239.255.255.254.1900: UDP, length 97
    10.0.0.155.58363 > 239.255.255.254.1900: UDP, length 97

More trimming...

[spatel@mg0008 tmp]$ grep 10.0.0.155.58363 /tmp/outputfile.txt | awk -F'.' '{print $5}' | awk '{print $1}'
58363
58363
answered 2013-01-17T15:05:28.523
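
An added example, not part of either answer: a variant of the awk approach that compares both addresses as literal strings instead of regex matches, so a near-miss address such as 10.0.0.15 or 110.0.0.155 is not counted, and each source port is printed once. The function names `src_ports` and `sample_capture` and the capture lines are constructed for illustration.

```shell
#!/bin/sh
# src_ports SRC_IP DST_IP [FILE...]
# Print each distinct source port found on "SRC_IP.port > DST_IP.port:" lines
# of tcpdump text output (reads stdin when no FILE is given).
src_ports() {
    s=$1; d=$2
    shift 2
    awk -v s="$s" -v d="$d" '
        $2 == ">" {
            src = $1; dst = $3
            sub(/:$/, "", dst)                  # destination field ends with ":"
            # Both endpoints must end in ".<digits>" (the port).
            if (src !~ /\.[0-9]+$/ || dst !~ /\.[0-9]+$/) next
            sport = src; sub(/.*\./, "", sport) # text after the last dot
            saddr = substr(src, 1, length(src) - length(sport) - 1)
            daddr = dst; sub(/\.[0-9]+$/, "", daddr)
            # String equality: "." is literal and no prefix/substring matches.
            if (saddr == s && daddr == d && !seen[sport]++) print sport
        }
    ' "$@"
}

# Constructed sample in the same layout as the question input file.
sample_capture() {
    cat <<'EOF'
15:29:18.164566 IP (tos 0x0, ttl 1, id 2394, offset 0, flags [none], proto UDP (17), length 125)
    10.0.0.155.58363 > 239.255.255.254.1900: UDP, length 97
    0x0000:  4600 0024 0000 0000 0102 3ad3 0a00 0000  F..$......:.....
    10.0.0.155.58363 > 239.255.255.254.1900: UDP, length 97
    10.0.0.155.80 > 239.255.255.250.1900: UDP, length 97
    10.0.0.15.4444 > 239.255.255.254.1900: UDP, length 97
    110.0.0.155.5555 > 239.255.255.254.1900: UDP, length 97
    10.0.0.155.49152 > 239.255.255.254.1900: UDP, length 97
EOF
}

# Example: sample_capture | src_ports 10.0.0.155 239.255.255.254
```

Header and hex-dump lines are skipped because their second field is not `>`.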