Combining regular expression

Unanswered Question
Jun 20th, 2009


I am trying to work out how to do a regex to match an IP and also a specific port.

This is for say a show ip nat translations where I want to see just the translations for a particular ip and port.

I've been trying to work it out for ages but just can't seem to get it to work as intended.

Any suggestions greatly appreciated :)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Giuseppe Larosa Sat, 06/20/2009 - 03:34

Hello Cameron,

may you attach a file with the sh ip nat translations?

to see the format it is presented

for example yesterday on a FW I did something like

sh conn | inc address:port

because the output indicates the socket in this way.

Hope to help


cameron.moody Sat, 06/20/2009 - 04:02

Hi Giuseppe

Thanks for your response.

The problem I am finding is that the IP I need to filter on is in a different column to port. IE I need the pre-nat IP but the destination port.

Hope the below sample output comes out ok, otherwise it is at

show ip nat translations

Pro Inside global Inside local Outside local Outside global




Giuseppe Larosa Sat, 06/20/2009 - 05:59

Hello Cameron,

I I understood you correctly you want to match a specific Inside Local that is in the second column and on the destination port in another column (the last column).

the first part can be easily be expressed by the host ip address.

the second part can be expressed by


that says port value but in last position in the row.

there are ways to combine multiple conditions try

sh ip nat trans | inc host-ipaddr|port$

sh ip nat trans | inc host-ipaddr&port$

Hope to help


cameron.moody Sat, 06/20/2009 - 16:42

Hi Giuseppe

Thanks for the tips - definately getting me much further than I was before. However still not quite the expected output unless I misinterpreted your commands.

Yes I get the valid output, but also getting ones that I cannot see how they are matching as per below sample (IPs changed).

I am very new to regex and just trying to stumble my way through so sorry if these are basic queries.

The first line of output is what I would expect. However port 8080 and 80 translations also appear.

sh ip nat trans | incl|8081$




The below variants of the second method you suggested return no results.

sh ip nat trans | incl$

sh ip nat trans | incl$

Giuseppe Larosa Sun, 06/21/2009 - 03:20

Hello Cameron,

the first combination actually says:

include all lines where one of two patterns is present (second pipe '|' seen as logical OR).

To achieve the desired result a logical AND would be needed or the possibility to cascade two filters like in a unix shell.

in unix you can redirect first output to a file for a later processment with second string.

According to the following document

there is no AND operator and the | is actually a logical OR.

Probably a TCL script could do the job on the router.

Otherwise you can capture the output of

sh ip nat trans | inc in a file and then you can use TCL or other scripting language like perl on your PC to perform the second filtering action.

Hope to help



This Discussion