Article -- Working with IP lists

Fun with IP Lists

In the previous article I talked about gathering a list of IP addresses from a log file. Now I will show you how to work with those address to do something useful. The first thing we need is to only show the uniqe addresses. This can be done simply by piping our output to the uniq -u command.

grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /var/log/apache2/access.log | grep -v 192 | uniq -u

This will give you a clean list of IPs to work with. Next there is an extremely useful Linux command called xargs. This command take a list of arguments and sends them to a second command to be executed. So if I want to see what IPs respond to a ping I can do it like this.

grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /var/log/apache2/access.log | grep -v 192 | uniq -u | xargs -n1 ping -c 1

The -n1 switch tells xargs to only send 1 IP at a time to the ping command.