Skip to content

Instantly share code, notes, and snippets.

@guoyoujin
Created April 9, 2019 04:34
Show Gist options
  • Save guoyoujin/fcf8120b0a934958bf63b36cf3df558c to your computer and use it in GitHub Desktop.
Save guoyoujin/fcf8120b0a934958bf63b36cf3df558c to your computer and use it in GitHub Desktop.
ruby关于.cap文件过滤IP
str = "21:20:36.678356 IP 190.223.26.38.ldap > 39.108.626.17.64292: UDP, bad length 2903 > 1472
21:20:36.678429 IP 5-198-122-238.static.kc.net.uk.ldap > 39.108.626.17.17604: UDP, bad length 3040 > 1464
21:20:36.678430 IP 190.223.26.38 > 39.108.626.17: udp
21:20:36.678486 IP 13.69.135.13 > 39.108.626.17: udp
21:20:36.678577 IP itt67-1-88-182-62-59.fbx.proxad.net.ntp > 39.108.626.17.47721: NTPv2, Reserved, length 440
21:20:36.678578 IP mail.centromedicomilitar.com.gt.ldap > 39.108.626.17.17604: UDP, bad length 3173 > 1472
21:20:36.678496 IP host-195-33-224-54.reverse.superonline.net.ldap > 39.108.626.17.64292: UDP, bad length 2934 > 1472
21:20:36.678497 IP host-195-33-224-54.reverse.superonline.net > 39.108.626.17: udp"
regex=/^[^I]*IP ([^>]*)>.*$/;
arr = [];
str.scan(regex).each{|m|arr.push m }
arr = arr.uniq
puts arr
puts arr.length
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment