CERT

I have a list of IP addresses, and I have a prefix map. How can I find the value associated with each address?

Prefix maps only work on flow data, so to do pmap lookups we first have to create some sample flow data. In this example, we use rwtuc to create a bogus flow record for each address found on STDIN, with the source address set to that address, and then use rwcut to print each address alongside its pmap value.

  cat my-ips.txt | rwtuc --fields=sip \
  | rwcut --pmap-file=file.pmap --fields=sip,sval
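
When the text file the prefix map was built from is still at hand, the address-to-label lookup above can be cross-checked without SiLK. This is an added example, not code from the original page or the SiLK project; the input layout (`default <label>` and `<CIDR> <label>` lines), the sample entries and the function names are assumptions, and it handles IPv4 with non-overlapping entries only.

```python
import bisect
import ipaddress

# Constructed sample: text source of a prefix map (assumed layout:
# "default <label>" plus one "<CIDR> <label>" entry per line).
SAMPLE_PMAP_TEXT = """\
# constructed example entries
default external
10.0.0.0/8      internal
192.0.2.0/24    dmz
198.51.100.0/25 partner
"""

def load_prefix_text(text):
    """Return (default_label, sorted list of (first, last, label))."""
    default, ranges = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        key, label = line.split(None, 1)
        if key == "default":
            default = label
            continue
        net = ipaddress.ip_network(key, strict=True)  # rejects host bits
        ranges.append((int(net.network_address),
                       int(net.broadcast_address), label))
    ranges.sort()
    # Refuse overlapping entries rather than guess which one should win.
    for (_, prev_last, _), (first, _, _) in zip(ranges, ranges[1:]):
        if first <= prev_last:
            raise ValueError("overlapping entries are not handled here")
    return default, ranges

def lookup(addresses, default, ranges):
    """Map each address string to its label, like the sip,sval columns."""
    starts = [r[0] for r in ranges]
    out = []
    for text in addresses:
        ip = int(ipaddress.ip_address(text.strip()))
        i = bisect.bisect_right(starts, ip) - 1   # last range starting <= ip
        hit = i >= 0 and ip <= ranges[i][1]
        out.append((text.strip(), ranges[i][2] if hit else default))
    return out

if __name__ == "__main__":
    default, ranges = load_prefix_text(SAMPLE_PMAP_TEXT)
    sample_ips = ["10.1.2.3", "192.0.2.77", "198.51.100.200", "8.8.8.8"]
    for ip, label in lookup(sample_ips, default, ranges):
        print(f"{ip:>15}|{label}")
```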