CERT/CC
background
background
CERT NetSA Security Suite 
Open Source Tools for Network Monitoring 
News | Documentation | Downloads
YAF 0.8.1 | NAF 0.6.0 | SiLK 1.0.1 | RAVE 1.9.9
fixbuf 0.7.3 | ipa 0.2.1 | airdbc 0.2.2 | airframe 0.7.2 | Portal 0.8.0
SiLK - Documentation - num2dot
Documentation | Downloads | Release Notes | FAQ | License | Credits | Reference Data | Live CD

NAME

num2dot - Convert an integer IP to dotted-decimal notation

SYNOPSIS

  num2dot [--ip-fields=FIELDS] [--delimiter=C]

DESCRIPTION

num2dot is a filter to speedup sorting of IP numbers and yet result in both a natural order (i.e., 29.23.1.1 will appear before 192.168.1.1) and readable output (i.e., dotted decimal rather than an integer representation of the IP number).

It is designed specifically to deal with the output of rwcut(1). Its job is to read stdin and convert specified fields (default field 1) separated by a delimiter (default '|') from an integer number into a dotted decimal IP address. Up to three IP fields can be specified via the --ip-fields=FIELDS option. The --delimiter option can be used to specify an alternate delimiter.

OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--ip-fields=FIELDS
Column number of the input that should be considered IP numbers. Column numbers start from 1. If not specified, the default is 1.

--delimiter=C
The character that separates the columns of the input. Default is '|'.

EXAMPLE

In addition to the default fields of 1-12 produced by rwcut, you also want to prefix each row with an integer form of the destination IP and the start time to make processing by another tool (e.g., a spreadsheet) easier. However, within the default rwcut output fields of 1-12, you want to see dotted-decimal IP addresses.

  rwfilter ... --pass=stdout | \
        rwcut --integer-ip --fields=2,9,1-12 --epoch-time | \
        num2dot --ip-field=3,4

The first six columns produced by rwcut will be dIP, sTime, sIP, dIP, sPort, dPort. The --integer-ip switch makes the first, third, and fourth columns be integers, but you only want the first column to be an integer representation. The pipe through num2dot will convert the third and fourth columns to dotted-decimal IP numbers.

SEE ALSO

rwcut(1)

BUGS

num2dot has no support for IPv6 addresses.

YAF | NAF | SiLK | RAVE | fixbuf | ipa | airdbc | airframe | Portal
SiLK is part of the NetSA Security Suite, developed by the CERT NetSA group
at the Software Engineering Institute at Carnegie Mellon University.

© 2002-2008 Carnegie Mellon University