AntecK7 All American 7755 Posts
I have a big list of firewall logs
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-03-14 10:51:44 DROP TCP 192.168.1.1 72.14.204.99 5401 1058 52 FA 500922910 946706061 64387 - - - RECEIVE
I really just want to know the destination IP like 72.14.204.99=google
I have about 5000 entries, so doing it by hand is going to be near impossible, any ideas? 3/18/2011 10:12:18 AM |
qntmfred retired 40812 Posts
do you know any programming languages?
you can script it pretty easily, say using a feature like this in .net http://msdn.microsoft.com/en-us/library/system.net.dns.gethostentry.aspx
[Edited on March 18, 2011 at 10:18 AM. Reason : .] 3/18/2011 10:17:43 AM |
AntecK7 All American 7755 Posts
Prefer not to code, but I can if I have to.
The only other thing I noticed is that in the google example a whois says google, an nslookup says iad04s01-in-f99.1e100.net 3/18/2011 10:44:20 AM |
qntmfred retired 40812 Posts
well, i mean unless there happens to be a site where you can copy/paste a bunch of IPs and it'll do the lookup for you (there very well may be - i don't know of one), you'll probably have to do some kind of scripting yourself, even if it's just a command line script. you can do this a ton of different ways, it really just depends on what technology you're most capable with 3/18/2011 10:49:17 AM |
AntecK7 All American 7755 Posts
yea, I got it going in powershell, stealing the code from the site you linked to (thanks by the way)
# Start of Script ###
$a = Get-Content "C:\test.txt"
foreach ($i in $a) {
    $hostaddress = $i
    Write-Host $hostaddress
    # Convert $hostaddress to IPAddress class.
    # Create one for next call
    $HostIp = [System.Net.IPAddress]::Parse("127.0.0.1")
    if (! ([System.Net.IPAddress]::TryParse($hostaddress, [ref] $HostIp))) {
        "Not valid IP address"
        continue   # skip this entry; 'return' would end the whole script here
    }
    # Get Host info (GetHostEntry throws when the address has no reverse record)
    try { $hostentrydetails = [System.Net.Dns]::GetHostEntry($HostIp) }
    catch { "No host name found"; continue }
    # Print details:
    "Host Name : {0}" -f $hostentrydetails.HostName
    foreach ($alias in $hostentrydetails.Aliases) { "Alias : {0}" -f $alias }
    foreach ($addr in $hostentrydetails.AddressList) { "Address : {0}" -f $addr.IPAddressToString }
}
# End of script
Powershell is actually pretty cool, just gets annoying at times. 3/18/2011 11:20:38 AM |
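Added example, not part of the post above: a variant that reads the firewall log directly, finds the dst-ip column from the #Fields header, and resolves each distinct destination only once with a hit count. The function names Get-DstIpCounts and Resolve-DstIp, the log path in the last comment and the sample lines (built from the format quoted in the first post) are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Constructed sample in the log format quoted in the thread (not real traffic).
$sampleLog = @'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-03-14 10:51:44 DROP TCP 192.168.1.1 72.14.204.99 5401 1058 52 FA 500922910 946706061 64387 - - - RECEIVE
2011-03-14 10:51:45 DROP TCP 192.168.1.1 72.14.204.99 5402 1058 52 FA 500922911 946706062 64387 - - - RECEIVE
2011-03-14 10:51:46 DROP UDP 192.168.1.1 192.0.2.10 5403 53 60 - - - - - - - SEND
'@ -split '\r?\n'

# Hypothetical helper: count hits per destination IP, locating the column by name.
function Get-DstIpCounts {
    param([string[]]$Lines)
    $fields = $null
    $counts = @{}
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        if (-not $fields -or $line -match '^\s*(#|$)') { continue }   # comments, blanks
        $cols = $line.Trim() -split '\s+'
        $idx  = [array]::IndexOf($fields, 'dst-ip')
        if ($idx -lt 0 -or $idx -ge $cols.Count) { continue }         # malformed row
        $ip = $null
        if ([System.Net.IPAddress]::TryParse($cols[$idx], [ref]$ip)) {
            $key = $ip.ToString()
            $counts[$key] = 1 + $counts[$key]                          # missing key counts as 0
        }
    }
    $counts
}

# Hypothetical helper: one reverse lookup per distinct IP; a failed lookup is labelled, not fatal.
function Resolve-DstIp {
    param([hashtable]$Counts,
          [scriptblock]$Resolver = { param($ip) [System.Net.Dns]::GetHostEntry($ip).HostName })
    foreach ($ip in ($Counts.Keys | Sort-Object)) {
        try   { $name = & $Resolver $ip }
        catch { $name = '(lookup failed)' }
        [pscustomobject]@{ DstIp = $ip; Hits = $Counts[$ip]; HostName = $name }
    }
}

Resolve-DstIp (Get-DstIpCounts $sampleLog) | Format-Table -AutoSize
# For a real log (placeholder path):
# Resolve-DstIp (Get-DstIpCounts (Get-Content 'C:\path\to\firewall.log')) | Export-Csv dst-hosts.csv -NoTypeInformation
```

The HostName column is whatever the address owner published as the reverse (PTR) record, which is why the thread sees 1e100.net from nslookup and google from whois.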
qntmfred retired 40812 Posts
sweet 3/18/2011 11:29:16 AM |
wwwebsurfer All American 10217 Posts
^^that's awesome 3/18/2011 11:47:25 AM |
evan All American 27701 Posts
i was going to suggest some regex + Net::DNS::Resolver 3/18/2011 1:23:14 PM |