cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3728
Views
0
Helpful
5
Replies

Combining regular expression

cameron.moody
Level 1
Level 1

Hi,

I am trying to work out how to do a regex to match an IP and also a specific port.

This is for say a show ip nat translations where I want to see just the translations for a particular ip and port.

I've been trying to work it out for ages but just can't seem to get it to work as intended.

Any suggestions greatly appreciated :)

5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Cameron,

may you attach a file with the sh ip nat translations?

to see the format it is presented

for example yesterday on a FW I did something like

sh conn | inc address:port

because the output indicates the socket in this way.

Hope to help

Giuseppe

Hi Giuseppe

Thanks for your response.

The problem I am finding is that the IP I need to filter on is in a different column to port. IE I need the pre-nat IP but the destination port.

Hope the below sample output comes out ok, otherwise it is at http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_s1g.html#wp1082204

show ip nat translations

Pro Inside global Inside local Outside local Outside global

udp 172.16.233.209:1220 192.168.1.95:1220 172.16.2.132:53 172.16.2.132:53

tcp 172.16.233.209:11012 192.168.1.89:11012 172.16.1.220:23 172.16.1.220:23

tcp 172.16.233.209:1067 192.168.1.95:1067 172.16.1.161:23 172.16.1.161:23

Hello Cameron,

I I understood you correctly you want to match a specific Inside Local that is in the second column and on the destination port in another column (the last column).

the first part can be easily be expressed by the host ip address.

the second part can be expressed by

port$

that says port value but in last position in the row.

there are ways to combine multiple conditions try

sh ip nat trans | inc host-ipaddr|port$

sh ip nat trans | inc host-ipaddr&port$

Hope to help

Giuseppe

Hi Giuseppe

Thanks for the tips - definately getting me much further than I was before. However still not quite the expected output unless I misinterpreted your commands.

Yes I get the valid output, but also getting ones that I cannot see how they are matching as per below sample (IPs changed).

I am very new to regex and just trying to stumble my way through so sorry if these are basic queries.

The first line of output is what I would expect. However port 8080 and 80 translations also appear.

sh ip nat trans | incl 172.56.221.1:|8081$

tcp 172.56.221.1:3367 192.168.11.199:3367 4.2.2.2:8081 4.2.2.2:8081

tcp 172.56.221.1:2802 192.168.11.217:2802 4.2.2.2:8080 4.2.2.2:8080

tcp 172.56.221.1:1484 192.168.15.135:1484 4.2.2.2:80 4.2.2.2:80

The below variants of the second method you suggested return no results.

sh ip nat trans | incl 172.56.221.1:&8081$

sh ip nat trans | incl 172.56.221.1:&:8081$

Hello Cameron,

the first combination actually says:

include all lines where one of two patterns is present (second pipe '|' seen as logical OR).

To achieve the desired result a logical AND would be needed or the possibility to cascade two filters like in a unix shell.

in unix you can redirect first output to a file for a later processment with second string.

According to the following document

https://www.cisco.com/en/US/docs/ios/12_2/termserv/configuration/guide/tcfaapre_external_docbase_0900e4b18051d566_4container_external_docbase_0900e4b18086adfd.html#wp1025412

there is no AND operator and the | is actually a logical OR.

Probably a TCL script could do the job on the router.

Otherwise you can capture the output of

sh ip nat trans | inc 172.56.221.1: in a file and then you can use TCL or other scripting language like perl on your PC to perform the second filtering action.

Hope to help

Giuseppe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: