Posted on 07-19-2012 04:34 AM
If in doubt, ask the nation.. while I have dabbled.. my awk knowlege isn't the best.. i could muddle through.. but just in case...
Purpose: Need to sweep various subnets on the hunt for Mac.. get their IP and OS version.
I can do this simply with nmap.
This provides the following output:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00016s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
631/tcp open ipp
44176/tcp open unknown
Device type: general purpose|phone
Running: Apple Mac OS X 10.7.X, Apple iOS 4.X
OS CPE: cpe:/o:apple:mac_os_x:10.7 cpe:/o:apple:iphone_os:4
OS details: Apple Mac OS X 10.7.0 - 10.7.2 (Lion) (Darwin 11.0.0 - 11.2.0) or iPhone mobile phone (iOS 4.3.2)
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.19 seconds
And what I'd like is...
IP OS details
Which i can then import into excel..
I can pull the IP, I can pull the OS, but I can't seem to get both together on the same line.
Any takers..
Thanks in advance.
J.
Posted on 07-19-2012 07:04 AM
Can you give an example of the output you want? What is the exact information out of the example you provided that you want?
Do you want everything after "OS details: "? I see nothing in your example providing an IP address unless you're referring to the first line with the local "127.0.0.1" address.
Does this need to be tab-delimited? Something else?
Posted on 07-19-2012 07:56 AM
Hi,
thanks for taking time to reply, sorry yes example output would help!
The IP was 127 etc as I just ran it locally to get example data, this would of course normally have a real world IP..
I guess while I'm here and go the whole hog:
output from example data as follows:
hostname<tab>IP<tab>Running
localhost 127.0.0.1 10.7.X
If I can get that then I'll be very happy.. if its simpler to do by keeping parenthesis and other gibberish.. then thats still cool.
Thanks!
J.
Posted on 07-19-2012 08:19 AM
How regular is the output from your nmap scan? in other words, are the number of columns and general data formatted the same for each scan, minus the exact details of course?
What commands are you using now to get the hostname + IP and OS details?
I can pull the hostname and Ip by piping the nmap output above through:
awk '/Nmap scan/{print $5,$6}' | sed 's/(*)*//g'
That gives me:
localhost 127.0.0.1
But its just a space between the two, not a tab. I suppose you could replace spaces with tabs with 'tr' or something like that.
| tr ' ' ' '
What are you using right now to get the 10.7.X portion? I can think of a few ways, but curious to see what you have already.
Posted on 07-19-2012 08:43 AM
you can choose nmap's output format to help you chop up the results.
check the man page or here:
http://nmap.org/book/man-output.html
if you're using awk (or regex in general), you're probably looking at a couple of capture groups and minor formatting.
if you're only looking for one specific host/MAC address on your network, you could just go ghetto and pipe nmap output to grep for what you want.
you can do it all in awk, but it would probably be easier in another language like perl, python, or ruby.
you're already in the rabbit hole, so keep digging!
Posted on 07-19-2012 09:18 AM
ok.. have to admit.. i've looked at my bash history.. and of course I don't have the exact line any more... one of those days...
i was basically searching for the expression and printing the result..
the delimiter doesn't matter at al, tab, space, comma, i'm only importing to excel, as long as there are no other spaces in the line result.
I can't really post 'real' data here for obvious reasons...
as for using perl, python or ruby... i'm sure they would be great.. same as if I knew a bit of spanish or mandarin while on holiday...
:)
thanks folks... I'll try and post back something like what I was doing..