NAME

rwresolve - Convert IP addresses in delimited text to hostnames

SYNOPSIS

  resolve [--ip-fields=FIELDS] [--delimiter=C]

DESCRIPTION

rwresolve is a pipe-lining application to resolve the IP addresses that appear in delimited textual input and replace the IP address with its hostname.

Because rwresolve must do a DNS query for every IP address, it is extremely slow. rwresolve works best on very limited data sets.

It is designed specifically to deal with the output of rwcut(1), though it will work with other SiLK tools that produce delimited text. Its job is to read the standard input and convert the specified fields (default fields 1 and 2) separated by a delimiter (default '|') from a dotted-decimal IP address to a hostname. The IP fields are specified via the --ip-fields=FIELDS option. The --delimiter option can be used to specify an alternate delimiter.

OPTIONS

Option names may be abbreviated if the abbreviation is unique or is an exact match for an option. A parameter to an option may be specified as --arg=param or --arg param, though the first form is required for options that take optional parameters.

--ip-fields=FIELDS: Column number(s) of the input that should be considered IP numbers. Column numbers start from 1. If not specified, the default is 1,2.
--delimiter=C: The character that separates the columns of the input. Default is '|'.

EXAMPLE

Suppose you have found some interesting data, and you want to look up the hostnames of the sources. In addition to the default fields of 1-12 produced by rwcut, you also want to append to each row the hostname of the source IP:

    rwcut --fields=1-12,1 interesting.rwf | \
        rwresolve --ip-field=13

BUGS

Because rwresolve must do a DNS query for every IP address, it is extremely slow.