Searching for ip addresses using wingrep - regex

I'm using WinGrep to search for IP Addresses in a .txt file, but i can't figure out how to get it to use a regular expression to search. does anyone have any experience with this?

If you don't need to consider IPv6, only want numeric IP addresses without port numbers, and don't need to validate the addresses (i. e., not matching illegal addresses line 321.456.299.999) then you can use
\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
If you need to do any of the above things, please update your question.

What worked for me using WinGrep is the following:
[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
I tried more sofisticated regex'es but none of them work with WinGrep
Hope it helps
Regards

Related

Extract the Source IP Address from two different log samples with regex

I have a regular expression as follows:
"id.resp_h"|"rx_hosts":(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}),
I am trying to extract the Source IP Address from two different log samples. "id.orig_h" and "tx_hosts" are two different fields for Source IP. How do i ignore the speech marks and square brackets? i just want extract the IP addresses
schema_id=17127524534057985804:skip_writers="":{"_path":"conn","_system_name":"hostname","_write_ts":"2020-01-12T22:09:28.853417Z","ts":"2020-01-12T22:07:14.642074Z","uid":"Cm4cbmvRjlmd2I52c","id.orig_h":"192.168.1.1","id.orig_p":xxx,"id.resp_h":"192.168.1.2","id.resp_p":xxx,"proto":"udp",
schema_id=17223896091372211545:skip_writers="":{"_path":"files","_system_name":"Hostname","_write_ts":"2020-01-12T22:09:00.016260Z","ts":"2020-01-12T22:07:14.108217Z","fuid":"FnmzOv3Fkhr8lP0qL","tx_hosts":["192.168.1.1","192.168.1.1"],"rx_hosts":["192.168.1.10"],
Any help would be gratefully appreciated :-)
Thanks,
JM
Try this if you want to solve it with regex:
(?:"id.resp_h"["[:]|"rx_hosts"["[:])(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3})
See here

Regex to find a web address

I'm trying to isolate links from html using a regex and the one I found that is suppose to do it doesn't seem to work.
/^(http?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$/
Am I missing something? I'm using Brackets as my text editor
^(?:http|https):\/\/(?:[a-z0-9\-\.]+)(?::[0-9]+)?(?:\/|\/(?:[\w#!:\.\?\+=&%#!\-\/\(\)]+)|\?(?:[\w#!:\.\?\+=&%#!\-\/\(\)]+))?$
Messy, but works.
Also, you might want to look at a similar question: Regex expression for valid website link
Hope this helps :)
It is hard to make it 100% accurate.
A url could also be a IP address for example.
http://ip/
It can contain query strings.
http://www.google.com/?a=1&b=2
It can contain spaces.
http://www.google.com/this is my url/
It depends on what need you have for accuracy.

How to write a regular expression in c++

I have this string dummy_data:\m192.168.1.125\pApp and I want to extract the IP address from the given string.
I have used the following regular Expression:
\\\\m([\\d\\w\\.]+)\\\\?
This returns \m192.168.1.125, but I want only 192.168.1.125
Do you have any suggestions on how to achieve this?
This one is simple:
[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?
It only works for IPv4 addresses.
This one also worked for your string:
([0-9]{1,3}\.){3}[0-9]{1,3}
I tested both on this random page. I can not tell you how reliable they are.

Regular expression for isolating Comcast IP addresses in access log file for Apache

Really the fact I want to use this for my Apache access log file is arbitrary and irrelevant, but it gives context to the situation.
I need to filter out records associated with Comcast IP addresses. Here's a list of the dynamic IP address ranges that Comcast assigns. I need a regular expression that can match all of those, and only those. I'll work on it on my own in the mean time but I figured there would be some RegEx guru out there on SO that would enjoy the problem.
Regex solution is possible, but very cumbersome, since the subnet mask is not multiple of 8. You will need to write a function to process the list and convert into regex.
It is better to use regex to grab the IP address and test the IP address against the list of IP addresses by Comcast. Simple implementation would be a set which allows you to search for the nearest number that is smaller than the argument.
That are a lot of IP adresses.
For example, 24.0.0.0/12 defines the IP range 24.0.0.1 - 24.15.255.255. To match these numeric ranges with a regex:
24: 24
0-15: [0-9]|1[0-5]
0-255: [0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]
Which gives
(24)\.([0-9]|1[0-5])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])
And that's just for 24.0.0.0/12, 293 to go.
If you really want to do this you should write a small script to convert each IP range into a regex automatically.
Another approach would be to match any IP address and feed it into a callback that does the matching using an appropriate module / framework / API.

RegEx to get numbers between periods in IP address?

Say you have an IP address: 74.125.45.100 so its A.B.C.D
Is there a way to use RegEx to get A,B,C separately?
If it is just to extract the numbers from the IP and not to validate the IP address then you could just do:
[0-9]
However, I think a simple String.Split(".") would be an easier option.
Something very simple yet ugly would work.. giving you four groups one for each octet.
(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})
([0-9]+).([0-9]+).([0-9]+).([0-9]+)
...should do it. It's no validating regex though, allows numbers beyond 255 for each part.
Here's a crazy validating one:
\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b
Credit to last regex goes to RegexBuddy makers.
/(\d+)\.(\d+)\.(\d+)\.(\d+)/
First port of call for regex... RegEx Library
While others have pointed out various good regexps; May I ask why you absolutely must use regular expressions for that? It will be slow and error-prone. Most platforms do have integrated IP address functionality, or provide a way to call to inet_aton.
In case someone needs a validating RegEx for (all possible) IPv4 addresses:
([^\d.]|^)([01]{0,1}\d{1,2}|2[0-5][0-5])[.]([01]{0,1}\d{1,2}|2[0-5][0-5])[.]([01]{0,1}\d{1,2}|2[0-5][0-5])[.]([01]{0,1}\d{1,2}|2[0-5][0-5])([^\d]|$)
The IP is contained in 2nd, 3rd and 4th parameters. 1st and last are not used. Those are necessary otherwise a wrong IP like:
999.1.2.3
would be catched as "99.1.2.3". I am not sure if you want to allow IP ending with a dot, e.g.
1.2.3.4.
If not, change the last part to ([^\d.]|$). I do not allow any dots in front of it though.
I still think this RegEx is a messed monster :) and a better solution would be to validate by hand using a function.