grepcidr 2.1 - Filter IP addresses matching IPv4 CIDR specification

Copyright (C) 2004-2005 Jem E. Berkes <[email protected]>
    http://www.pc-tools.net/unix/grepcidr/
    http://www.sysdesign.ca/
Copyright (C) 2009 Dean Anderson <[email protected]>
    http://www.av8.net/dist/grepcidr/
    http://www.nuspex.com/dist/grepcidr/


PURPOSE
-------

grepcidr can be used to filter a list of IP addresses against one or more
Classless Inter-Domain Routing (CIDR) specifications, or arbitrary networks
specified by an address range. As with grep, there are options to invert
matching, count lines or blocks, and load patterns from one or more files or
the command line. grepcidr is capable of comparing thousands or even millions
of IPs to networks with little memory usage and in reasonable computation
time.

grepcidr has endless uses in network software, including: mail filtering and
processing, network security, log analysis, and many custom applications.

Many thanks to Dick Wesseling <[email protected]> who suggested an improved
data structure format as well as binary search, to improve grepcidr
performance.

Dean Anderson <[email protected]> added many options, multiple file handling,
multiple command-line -e pattern options, and regular expression handling,
rewrote command-line parsing, added outputting and counting of matched
blocks, and added support for autoconf tools.


COMPILING & INSTALLING
----------------------

./configure
make
make install


COMMAND USAGE
-------------

Usage: grepcidr [OPTIONS]... [[PATTERN] [FILES]]...

  -h, --help            Print help and exit
  -V, --version         Print version and exit
  -c, --count           Count Lines
  -b, --blocks          Output Matching blocks
  -n, --numblocks       Number of matching blocks
  -v, --invert          Invert match
  -e, --pattern=STRING  Pattern
  -f, --file=STRING     Pattern file
  -i, --ipaddr          Output matching IP
  -1, --no-filename     Suppress prefixing filename for multiple files
  -s, --sb              Square brackets around IP to matched
      --cb              Curly braces around IP to be matched
  -p, --pb              Parentheses around IP to be matched
      --vb              Vertical Bars around IP to be matched
      --lb=STRING       custom left bracket
      --rb=STRING       custom right bracket

grepcidr looks for dotted quads in the files or on stdin. It then compares
each dotted quad to the list of patterns. It will match multiple dotted quads
on a single line.

PATTERN specified on the command line may contain multiple patterns separated
by whitespace or commas. For long lists of network patterns, specify a
-f FILE to load, where each line contains one pattern. Comment lines starting
with # are ignored, as are any lines that don't parse.

The -f file option can be specified multiple times to load several files.
The -e pattern option can be specified multiple times.
Multiple files may be specified.

Earlier versions of grepcidr could not grep files with extra text around the
dotted quads.

Each pattern, whether on the command line or inside a file, may be:

  CIDR format   a.b.c.d/xx
  IP range      a.b.c.d-e.f.g.h
  IP range      a.b.c.d+size
  Single IP     a.b.c.d


EXAMPLES
--------

grepcidr -f ournetworks blocklist > abuse.log
    Find our customers that show up in blocklists

grepcidr 127.0.0.0/8 iplog
    Searches for any localnet IP addresses inside the iplog file

grepcidr "192.168.0.1-192.168.10.13" iplog
    Searches for IPs matching indicated range in the iplog file

script | grepcidr -vf whitelist > blacklist
    Create a blacklist, with whitelisted networks removed (inverse)

grepcidr -f list1 list2
    Cross-reference two lists, outputs IPs common to both lists

grepcidr -csf apnic-blocks -f lacnic-blocks /var/log/maillog
    Count the messages relating to APNIC and LACNIC
    Match only IP addresses in square brackets, e.g. [a.b.c.d]

grepcidr -nsf apnic-blocks -f lacnic-blocks /var/log/maillog
    Count the blocks relating to APNIC and LACNIC
    Match only IP addresses in square brackets, e.g. [a.b.c.d]

grepcidr -bsf apnic-blocks -f lacnic-blocks /var/log/maillog
    Output the blocks relating to APNIC and LACNIC
    Match only IP addresses in square brackets, e.g. [a.b.c.d]

grepcidr -bf apnic-blocks abuse/qf* > dubious
    Count and output APNIC blocks from a queue of sorted abuse

grepcidr -f dubious bgpdump
    Get list of routes and AS numbers for the dubious blocks

A funny thing happened after I first started using grepcidr to analyze spam
senders and bgp routes. I discovered that spam abusers over a short period of
a few days accounted for about 3% of the allocated blocks, yet matched 10% of
the BGP table.

--
Av8 Internet   Prepared to pay a premium for better service?
www.av8.net    faster, more reliable, better service
617 256 5494
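Added example (not part of the grepcidr README or its source code): a Python model of the matching the README describes, in which each pattern becomes an inclusive address interval, the intervals are sorted and merged, and every dotted quad found in a line of free text is checked with one binary search. The function names and sample data are constructed for illustration, and the a.b.c.d+size form is assumed to mean the span from a.b.c.d through a.b.c.d+size, which the README does not spell out.

```python
import bisect
import re
from ipaddress import IPv4Address, IPv4Network

# Dotted quad not glued to other digits or dots; IPv4Address enforces octets <= 255.
QUAD = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def parse_pattern(text):
    """Return an inclusive [lo, hi] pair, or None for comments and unparseable lines."""
    try:
        if "/" in text:                      # CIDR: a.b.c.d/xx
            net = IPv4Network(text, strict=False)
            return [int(net.network_address), int(net.broadcast_address)]
        if "-" in text:                      # range: a.b.c.d-e.f.g.h
            lo, hi = (int(IPv4Address(p)) for p in text.split("-"))
        elif "+" in text:                    # a.b.c.d+size, ASSUMED to mean base..base+size
            base, size = text.split("+")
            lo, hi = int(IPv4Address(base)), int(IPv4Address(base)) + int(size)
        else:                                # single IP
            lo = hi = int(IPv4Address(text))
    except ValueError:
        return None
    return [lo, hi] if lo <= hi <= 0xFFFFFFFF else None

def build_table(patterns):
    """Sort and merge the intervals so each lookup is a single binary search."""
    merged = []
    for lo, hi in sorted(filter(None, (parse_pattern(p.strip()) for p in patterns))):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged

def matching_lines(table, lines):
    """Keep the lines in which at least one dotted quad falls inside the table."""
    def hit(match):
        try:
            ip = int(IPv4Address(match.group()))
        except ValueError:
            return False
        i = bisect.bisect_right(table, [ip, 1 << 32]) - 1
        return i >= 0 and ip <= table[i][1]
    return [ln for ln in lines if any(hit(m) for m in QUAD.finditer(ln))]
# Constructed sample input (documentation address ranges), not data from the page.
PATTERNS = ["# ournetworks", "192.0.2.0/24", "198.51.100.10-198.51.100.20",
            "203.0.113.0+15", "192.0.2.128/25", "no such pattern"]
LOG = ["relay=[192.0.2.45] stat=Sent", "relay=[198.51.100.25] stat=Deferred",
       "relay=[203.0.113.15] stat=Sent", "build 2192.0.2.1 from 300.1.2.3"]
```

Calling matching_lines(build_table(PATTERNS), LOG) keeps the first and third sample lines; the overlapping /24 and /25 collapse into one interval, so the table holds three entries.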
