GetAddrInfoW does not return IPv6 addresses? - winapi

When I use nslookup for "google.com" I get the following:
Addresses: 2607:f8b0:400a:801::1001
173.194.33.32
173.194.33.36
173.194.33.34
173.194.33.37
173.194.33.33
173.194.33.46
173.194.33.39
173.194.33.41
173.194.33.38
173.194.33.40
173.194.33.35
However when I call GetAddrInfoW and pass it L"google.com" I get the following:
173.194.33.41
173.194.33.39
173.194.33.46
173.194.33.33
173.194.33.37
173.194.33.38
173.194.33.40
173.194.33.34
173.194.33.35
173.194.33.36
173.194.33.32
Where'd the IPv6 address go?
Edit: If I do the same lookup with the same code for "localhost" the output is:
0000:0000:0000:0000:0000:0000:0000:0001
127.0.0.1
Which is even more of a head scratcher.

Related

Log Firewall Checkpoint Grok graylog

I am new to this and I want to parse the following log for a Checkpoint firewall. I don't know if you can help me or guide me on how I can do it, so that I can see separate fields and not a single text.
Example:
Source: -5:00
IP: XXX.XXX.XXX.XXX
Action: Accept
UUID= XXXX
....
-5:00 192.168.1.2 Action="accept" UUid="{0x61b22d19,0x4,0xf1137d7f,0xc0000000}" inzone="Internal" outzone="Internal" src="10.207.104.247" dst="10.207.106.9" proto="6" xlatesrc="186.5.16.83" NAT_rulenum="14" NAT_addtnl_rulenum="1" rule="21 (Incoming/Internal)" product="VPN-1 & FireWall-1" service="10050" s_port="38930
%{NUMBER}:00 %{IP} Action=%{QS} UUid=%{QS} inzone=%{QS} outzone=%{QS} src=%{QS} dst=%{QS} proto=%{QS} xlatesrc=%{QS} NAT_rulenum=%{QS} NAT_addtnl_rulenum=%{QS} rule=%{QS} product=%{QS} service=%{QS} s_port=%{QS}
I am trying the next grok but I am not getting what I want.
In the example you provided, a " is missing at the end, otherwise your grok pattern works for me.
You can add names to the fields so you can easily get them in Graylog, for example:
%{NUMBER}:00 %{IP:ip} Action=%{QS:action} UUid=%{QS:uuid} inzone=%{QS:inzone} outzone=%{QS:outzone} src=%{QS:src} dst=%{QS:dst} proto=%{QS:proto} xlatesrc=%{QS:xlatesrc} NAT_rulenum=%{QS:natrulenum} NAT_addtnl_rulenum=%{QS:nataddtnlrulenum} rule=%{QS:rule} product=%{QS:product} service=%{QS:service} s_port=%{QS:sport}
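The same field extraction outside Grok, as an added Ruby example that is not part of the original answer: it splits the header and every key="value" pair from the question's log line and flags a line whose last value lost its closing quote, the case that stopped the Grok pattern from matching. The key names `offset` and `ip` for the two leading fields are assumptions.

```ruby
# Added example (not from the original answer): parse one Check Point log line.
# SAMPLE is the line from the question, kept with its missing final quote.
SAMPLE = '-5:00 192.168.1.2 Action="accept" ' \
         'UUid="{0x61b22d19,0x4,0xf1137d7f,0xc0000000}" inzone="Internal" ' \
         'outzone="Internal" src="10.207.104.247" dst="10.207.106.9" proto="6" ' \
         'xlatesrc="186.5.16.83" NAT_rulenum="14" NAT_addtnl_rulenum="1" ' \
         'rule="21 (Incoming/Internal)" product="VPN-1 & FireWall-1" ' \
         'service="10050" s_port="38930'

# Leading "<offset> <ip> " header; the key names "offset" and "ip" are assumed.
HEADER = /\A(?<offset>[+-]?\d{1,2}:\d{2})\s+(?<ip>\d{1,3}(?:\.\d{1,3}){3})\s+/
# key="value" pair; the closing quote may be absent only at end of line.
PAIR = /([A-Za-z_]\w*)="([^"]*)(?:"|\z)/

def parse_checkpoint(line)
  head = HEADER.match(line)
  raise ArgumentError, 'unrecognised log header' unless head

  fields = { 'offset' => head[:offset], 'ip' => head[:ip] }
  # Keys are lower-cased so Action/UUid/NAT_rulenum become uniform field names.
  head.post_match.scan(PAIR) { |key, value| fields[key.downcase] = value }
  # Flag lines cut off mid-value so they are not mistaken for complete records.
  { fields: fields, truncated: !line.rstrip.end_with?('"') }
end

if __FILE__ == $PROGRAM_NAME
  result = parse_checkpoint(SAMPLE)
  result[:fields].each { |k, v| puts "#{k}: #{v}" }
  puts "truncated: #{result[:truncated]}"
end
```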

To get IP address of the specific host machine in rub

I want to find the IP address of other system. For example, I am executing my code from server wevrs1234 and I want the IP address of server apvrs1234 and store it in variable. Please help me to get this.
ip = IPSocket.getaddress(Socket.gethostname)
is the code I have so far.
As per the suggestion I have made this code, but I am getting an error. Please find my code:
publish_vm = node['aem_dispatcher_cookbook']['publish'].to_s
nodes = search(:node, 'hostname:publish_vm')
node.default['aem_dispatcher_cookbook']['ip_address'] = 'nodes.first['ipaddress']'
template node['aem_dispatcher_cookbook']['owner']['home'] + '/conf.d/publish_farm.any' do
  source 'publish_farm.any.erb'
  owner node['aem_dispatcher_cookbook']['owner']['user']
  group node['aem_dispatcher_cookbook']['owner']['group']
  mode '0755'
  variables(
    publish_host: node['aem_dispatcher_cookbook']['publish'],
    publish_port: node['aem_dispatcher_cookbook']['publish_port'],
    ip_addr: node['aem_dispatcher_cookbook']['ip_address']
  )
end
Error
[2020-05-20T06:09:52-05:00] DEBUG: Node wevrd64501.uhc.com loading cookbook aem_dispatcher_cookbook's attribute file /root/.chef/local-mode-cache/cache/cookbooks/aem_dispatcher_cookbook/attributes/default.rb
================================================================================
Recipe Compile Error in /root/.chef/local-mode-cache/cache/cookbooks/aem_dispatcher_cookbook/recipes/default.rb
================================================================================
SyntaxError
-----------
/root/.chef/local-mode-cache/cache/cookbooks/aem_dispatcher_cookbook/recipes/default.rb:333: syntax error, unexpected tIDENTIFIER, expecting keyword_end
...ess'] = 'nodes.first['ipaddress']'
... ^~~~~~~~~
System Info:
You tagged the question with [chef] and [chef-recipe], so I understand you are trying to get another machine's IP address inside a recipe. If that other machine is also registered with Chef Server, the easiest way would be search. You can search for any machine registered on the Chef Server by some attribute, in your case - hostname.
nodes = search(:node, 'hostname:<another_vm_hostname>')
p nodes.first['ipaddress']
Update:
You have an error in your 3rd line. Don't surround nodes.first['ipaddress'] with quotes.
node.default['aem_dispatcher_cookbook']['ip_address'] = nodes.first['ipaddress']
publish_vm = node['aem_dispatcher_cookbook']['publish'].to_s
ruby_block 'get_ip_from_publish' do
  block do
    Chef::Resource::RubyBlock.send(:include, Chef::Mixin::ShellOut)
    # Take the last "Address" line of the nslookup output
    command1 = "nslookup #{publish_vm} |grep '^Address' | awk '{print $2}'| tail -1"
    command_out = shell_out(command1)
    # Strip the trailing newline so only the address is stored
    node.run_state['master_ip'] = command_out.stdout.strip
  end
  action :run
end
This piece of code helped me to get the IP address of the desired host machine.
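The nslookup pipeline above interpolates a node attribute into a shell command line, so the attribute's content is interpreted by the shell. An added example, not part of the original post, that does the lookup in-process with Ruby's bundled Resolv and rejects anything that is not a plain host name; the function name `resolve_ipv4` and its `resolver:` parameter are hypothetical, and it returns the first IPv4 address rather than the last line of nslookup output.

```ruby
require 'resolv'

# RFC 1123 host name: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, at most 253 characters in total.
LABEL = /(?!-)[A-Za-z0-9-]{1,63}(?<!-)/
HOSTNAME = /\A(?=.{1,253}\z)#{LABEL}(?:\.#{LABEL})*\z/

# Resolve +host+ to its first IPv4 address without starting a shell.
# +resolver+ is a hypothetical injection point (anything that responds to
# getaddresses); it defaults to Ruby's bundled Resolv.
def resolve_ipv4(host, resolver: Resolv)
  name = host.to_s
  # Spaces, pipes, quotes and newlines never reach the resolver.
  raise ArgumentError, "invalid host name: #{name.inspect}" unless HOSTNAME.match?(name)

  addresses = resolver.getaddresses(name).map(&:to_s)
  ipv4 = addresses.grep(Resolv::IPv4::Regex)
  raise "no IPv4 address found for #{name}" if ipv4.empty?

  ipv4.first
end
```

Inside the ruby_block this would replace the shell_out call, for instance `node.run_state['master_ip'] = resolve_ipv4(publish_vm)`.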

Send HTTPS get requests to same host but different host ips

I would like to send HTTPS requests to the same host but I would like to choose the target IP every time.
For example "dig digitalocean.com" shows these IPs:
digitalocean.com. 300 IN A 104.16.110.208
digitalocean.com. 300 IN A 104.16.112.208
digitalocean.com. 300 IN A 104.16.109.208
digitalocean.com. 300 IN A 104.16.113.208
digitalocean.com. 300 IN A 104.16.111.208
With HTTP it works:
HTTPoison.get("http://104.16.110.208/", [{"host","www.digitalocean.com"}])
{:ok,
%HTTPoison.Response{body: "", headers: [...], request_url: "http://104.16.110.208/",
status_code: 301}}
But with HTTPS I get an error:
HTTPoison.get("https://104.16.110.208/", [{"host", "www.digitalocean.com"}])
{:error,
%HTTPoison.Error{id: nil,
reason: {:options, {{:server_name_indication, '104.16.110.208'}}}}}
Is there a way to achieve this with HTTPS with HTTPoison, or in Elixir/Erlang without modifying etc/hosts?
You need to use it like below
HTTPoison.get("https://104.16.110.208/", [{"host","www.digitalocean.com"}], hackney: [{:ssl_options, [{:server_name_indication, "digitalocean.com"}]}])
or
HTTPoison.get("https://104.16.110.208/", [{"host","www.digitalocean.com"}], hackney: [ssl_options: [server_name_indication: 'digitalocean.com']])
Since you are using an IP to connect, by default the server_name_indication will be assumed as the IP. This is what you need to override in your case.

Ruby IPAddr: find address mask

I have an application where I process a lot of IP addresses (analysing Checkpoint firewall rule sets). At one point I want to check if a particular address object is a /32 or a 'network'.
Currently I am doing it like this:
next unless ip.inspect.match(/\/255\.255\.255\.255/)
It works but seems a bit inefficient, but I can't see any method that extracts the mask from the address object.
Some parts of the Ruby core library are sometimes just sketched in, and IPAddr appears to be one of those that is, unfortunately, a little bit incomplete.
Not to worry. You can fix this with a simple monkey-patch:
require 'ipaddr'

class IPAddr
  # Prefix length (CIDR mask) derived from the netmask integer
  def cidr_mask
    case (@family)
    when Socket::AF_INET
      32 - Math.log2((1<<32) - @mask_addr).to_i
    when Socket::AF_INET6
      128 - Math.log2((1<<128) - @mask_addr).to_i
    else
      raise AddressFamilyError, "unsupported address family"
    end
  end
end
That should handle IPv4 and IPv6 addresses:
IPAddr.new('151.101.65.69').cidr_mask
# => 32
IPAddr.new('151.101.65.69/26').cidr_mask
# => 26
IPAddr.new('151.101.65.69/255.255.255.0').cidr_mask
# => 24
IPAddr.new('2607:f8b0:4006:800::200e').cidr_mask
# => 128
IPAddr.new('2607:f8b0:4006:800::200e/100').cidr_mask
# => 100
It's not necessarily the best solution here, but it works.
I'm aware that this is a 3 year old question, but this was the first result on Google for me when I searched it, so I want to provide a new answer.
I was playing around in console today and noticed that the prefix method on the IPAddr object returns the CIDR mask as an integer.
So, for example:
ip = IPAddr.new("192.168.1.0/24")
ip.prefix
# => 24
It also turns out that type coercion gives you the integer representation of the address and mask, so you could potentially do the math on the output of to_i, to_json, as_json or instance_values.
An example with the network address:
ip.to_i
# => 3232235776
ip.to_i.to_s(2)
# => "11000000101010000000000100000000"
And one with the netmask:
ip.as_json
# => {"family"=>2, "addr"=>3232235776, "mask_addr"=>4294967040}
ip.as_json["mask_addr"].to_s(2)
# => "11111111111111111111111100000000"
ip.as_json["mask_addr"].to_s(2).count("1")
# => 24

Ruby/Nokogiri nested loop in Nexpose XML results parser failing

I am trying to write a Ruby script to take the Nexpose Simple XML results export, parse it, and write the required results out to a prettier format for easy review. I am using Nokogiri to parse the XML. My issue is that I have a nested loop that, for each device, iterates through each service section and pulls out the name, port, and protocol attributes from each one. This will ultimately be printed back out to a file, either a text file or a CSV. However, my nested loop seems to only pull those three attributes from the first service section and print them repeatedly.
Sample Input (there will be more than one of these device blocks):
<device address="10.x.x.1" id="20xx">
<fingerprint certainty="0.85">
<description>Microsoft Windows</description>
<vendor>Microsoft</vendor>
<family>Windows</family>
<product>Windows</product>
<version/>
<device-class>General</device-class>
<architecture/>
</fingerprint>
<vulnerabilities>
</vulnerabilities>
<services>
<service name="NTP" port="123" protocol="udp">
<vulnerabilities>
</vulnerabilities>
</service>
<service name="HTTP" port="8080" protocol="tcp">
<fingerprint certainty="0.75">
<description>Apache</description>
</device>
<device address="10.x.x.2" id="20xx">
<fingerprint certainty="0.85">
<description>Microsoft Windows</description>
<vendor>Microsoft</vendor>
<family>Windows</family>
<product>Windows</product>
<version/>
<device-class>General</device-class>
<architecture/>
</fingerprint>
<vulnerabilities>
</vulnerabilities>
<services>
<service name="DNS" port="53" protocol="udp">
<vulnerabilities>
</vulnerabilities>
</service>
<service name="HTTP" port="80" protocol="tcp">
<fingerprint certainty="0.75">
<description>Apache</description>
</device>
Ruby Code:
#! /usr/bin/env ruby
require 'rubygems'
require 'nokogiri'
doc = Nokogiri::XML(open('report.xml').read)
device = doc.xpath('//device')
device.each do |d|
  service = d.xpath('//service')
  puts d.attr('address')
  service.each do |s|
    name = s.attr('name')
    port = s.attr('port')
    protocol = s.attr('protocol')
    puts port
    puts protocol
    puts name
  end
end
Desired Output:
10.x.x.1
123
udp
NTP
8080
tcp
HTTP
10.x.x.2
53
udp
DNS
80
tcp
HTTP
Actual Output:
123
NTP
udp
123
NTP
udp
So the code should show a list of service port, name, and protocol for each service of each device. However, the current code seems to just print the set for the first service (which is 123, NTP, and udp) over and over and over.
Am I missing something in the logic of my loop? Or do you see anything wrong with the loops? Any help getting this working would be helpful. Thanks.
Note that the XPath construct // means find the element anywhere in the document. You don't want to do that in the inner loop, because you've already done that for your device.
Update
Based on the new input document, here is one way to extract the information you need. I took the liberty of using CSV, for a nice Excel-ready output file. Note that there is a single parsing loop. Code:
require 'nokogiri'
require 'csv'
# File.read opens the path as a plain file (Kernel#open also accepts "|command" names)
doc = Nokogiri::XML(File.read('report.xml'))
CSV.open("devices.csv", "wb") do |csv|
  csv << ["Device", "Service", "Port", "Protocol"]
  doc.search('//service').each do |s|
    # Address attribute of the nearest enclosing device element
    device = s.xpath('ancestor::device[1]/@address')
    name = s.attr('name')
    port = s.attr('port')
    protocol = s.attr('protocol')
    csv << [device, name, port, protocol]
  end
end
Here's the contents of devices.csv:
Device,Service,Port,Protocol
10.x.x.1,NTP,123,udp
10.x.x.1,HTTP,8080,tcp
10.x.x.2,DNS,53,udp
10.x.x.2,HTTP,80,tcp

Resources