Extracting IP Addresses in Bash

One very handy function to have in your .bash_profile is a function to extract IP addresses.

ipextract function

I frequently use this function during investigations and though I should share it with everyone.

ipextract ()
{
# example ipextract < filename
egrep --only-matching -E  '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
}

Example

I’ll demonstrate how to use the function

Source File – tempfile.txt

34.235.54.203",33,9094,17,5078,16,4016,-88101.548483,0.586341000001994,69283.9149912113,54794.0532896228
54.173.212.143",29,7946,15,4432,14,3514,-88101.548467,0.571311000006972,62060.7690024651,49206.1241594455
104.88.86.168",13,5046,7,765,6,4281,-88087.416638,3.05987199999799,2000.08366363168,11192.6250509899
52.109.2.18",85,64452,48,39422,37,25030,-88087.393415,3.23389499999757,97522.0283899869,61919.1408503214
40.97.164.162",35,15748,15,3215,20,12533,-88085.845113,5.59355099999812,4598.15240801571,17924.9281896301
52.114.32.8",76,54681,48,40389,28,14292,-88085.811195,1.45319300000847,222346.240312276,78679.1568630827
52.72.199.213",4,285,2,108,2,177,-88083.051142,4.99983200000133,172.805806275045,283.209515839657
52.109.120.18",13,6182,7,1459,6,4723,-88081.765863,1.03934999999183,11230.0957329983,36353.4901624064
52.109.6.40",21,10495,12,2169,9,8326,-88081.702939,1.32139399999869,13131.5867939594,50407.3728199659

Using the function

$ ipextract < tempfile.txt
104.88.86.168
34.235.54.203
40.97.164.162
52.109.120.18
52.109.2.18
52.109.6.40
52.114.32.8
52.72.199.213
54.173.212.143

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>