|
|
 
Say you have a file that has seventeen entries that look like this:
[usr-1@srv-1 ~]$ cat nmapout.txt
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-05-05 13:41 PDT
Interesting ports on 10.50.100.1:
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
6000/tcp open X11
32771/tcp open sometimes-rpc5
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 2.789 days (since Tue May 2 18:48:20 2006)
.
.
.
Interesting ports on 10.50.100.79:
(The 1657 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
1024/tcp open kdm
MAC Address: 00:60:97:97:CC:04 (3com)
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux 2.4.0 - 2.5.20
Uptime 0.159 days (since Fri May 5 10:12:22 2006)
Nmap run completed -- 80 IP addresses (17 hosts up) scanned in 1178.103 seconds
|
See this article for a background on what is happening here. A quick way to generate a list of IP addresses and kernel versions is to do a grep that uses a logical OR. What we need to do is look for "Interesting" OR "Running". Grep seems like the obvious choice, however the catch is you need to use extended regular expressions. There are two ways to do this:
[usr-1@srv-1 ~]$ grep -E "Running|Interesting" nmapout.txt
[usr-1@srv-1 ~]$ egrep "Running|Interesting" nmapout.txt
|
Both reflect the file:
Interesting ports on 10.50.100.1:
Running: Linux 2.4.X|2.5.X|2.6.X
.
.
.
Interesting ports on 10.50.100.79:
Running: Linux 2.4.X|2.5.X
[usr-1@srv-1 ~]$
|
|
|
