Say you have a file that has seventeen entries that look like this:
    [usr-1@srv-1 ~]$ cat nmapout.txt

    Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-05-05 13:41 PDT
    Interesting ports on 10.50.100.1:
    (The 1656 ports scanned but not shown below are in state: closed)
    PORT      STATE SERVICE
    22/tcp    open  ssh
    111/tcp   open  rpcbind
    6000/tcp  open  X11
    32771/tcp open  sometimes-rpc5
    Device type: general purpose
    Running: Linux 2.4.X|2.5.X|2.6.X
    OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
    Uptime 2.789 days (since Tue May 2 18:48:20 2006)
    .
    .
    .
    Interesting ports on 10.50.100.79:
    (The 1657 ports scanned but not shown below are in state: closed)
    PORT     STATE SERVICE
    22/tcp   open  ssh
    111/tcp  open  rpcbind
    1024/tcp open  kdm
    MAC Address: 00:60:97:97:CC:04 (3com)
    Device type: general purpose
    Running: Linux 2.4.X|2.5.X
    OS details: Linux 2.4.0 - 2.5.20
    Uptime 0.159 days (since Fri May 5 10:12:22 2006)

    Nmap run completed -- 80 IP addresses (17 hosts up) scanned in 1178.103 seconds
See this article for background on what is happening here. A quick way to generate a list of IP addresses and kernel versions is a grep that uses a logical OR: we need to match lines containing “Interesting” OR “Running”. Grep is the obvious choice; the catch is that you need to use extended regular expressions. There are two ways to do this:
    [usr-1@srv-1 ~]$ grep -E "Running|Interesting" nmapout.txt
    [usr-1@srv-1 ~]$ egrep "Running|Interesting" nmapout.txt
Both print the matching lines from the file:
    Interesting ports on 10.50.100.1:
    Running: Linux 2.4.X|2.5.X|2.6.X
    .
    .
    .
    Interesting ports on 10.50.100.79:
    Running: Linux 2.4.X|2.5.X
    [usr-1@srv-1 ~]$
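The grep output above relies on every "Interesting" line being followed by a "Running" line, so a host where OS detection produced no "Running:" line would silently shift the pairing. The following is an added example, not part of the original post: it goes one step beyond the grep and emits one `IP<TAB>OS` row per host for asset-inventory use. The function names `pair_hosts` and `make_sample`, the sample data, and the host 10.50.100.42 are constructed for illustration.

```shell
#!/bin/sh
# Pair each "Interesting ports on <ip>:" line with the "Running:" line that
# belongs to it. A host with no "Running:" line is reported as "unknown"
# instead of being dropped or mismatched.
pair_hosts() {
    awk '
        function emit() {
            if (ip != "") printf "%s\t%s\n", ip, (os != "" ? os : "unknown")
        }
        /^Interesting ports on / {
            emit()                      # finish the previous host first
            ip = $NF                    # last field: "10.50.100.1:" or "(10.50.100.1):"
            gsub(/[():]/, "", ip)       # strip trailing colon and any parentheses
            os = ""
            next
        }
        /^Running: / {
            os = $0
            sub(/^Running: /, "", os)
        }
        END { emit() }
    ' "$1"
}

# Constructed sample in the same layout as nmapout.txt; the middle host
# deliberately has no "Running:" line.
make_sample() {
    cat <<'EOF'
Interesting ports on 10.50.100.1:
PORT      STATE SERVICE
22/tcp    open  ssh
Running: Linux 2.4.X|2.5.X|2.6.X
Interesting ports on 10.50.100.42:
PORT      STATE SERVICE
22/tcp    open  ssh
Interesting ports on 10.50.100.79:
PORT      STATE SERVICE
22/tcp    open  ssh
Running: Linux 2.4.X|2.5.X
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
make_sample > "$sample"
pair_hosts "$sample"
rm -f "$sample"
```
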