Shell script to capture part of ping output

12:57 am on Jan 17, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

A user has a dynamic IP.
I'm running portsentry.
The user's email program is ill-behaved.
It TCP/SYN scans my system every time it checks for mail.
Portsentry does not like this.
I can allow his IP by adding it to the portsentry ignore list.

He uses a virtual domain: dude.somehost.net (dude=him)

I ping the domain to get his current IP, then add it to the ignore list so he can use the mail system.

I want to do this with a shell script, but I'm having trouble grabbing the initial ping output, for example:

PING dude.somehost.net ( from : 56(84) bytes of data.

Note that this is not the data ping gathers, but just its identification of what it will do before it does it. I'd be happy to use ping's result set, but his domain is non-responsive unless he's actually doing some mail thing. i.e. I almost always get a 100% packet loss, so there's an empty ping result set.

Therefore, I want to grab the "" from ping's initial output (as above) and append it to my ignore list if it is not already in there. Bonus points for removing whatever earlier IP address he had used from the ignore list before adding the current IP.

I've been trying to work with variations on the following:

ping -c1 dude.somehost.net | sed -n '/net (/,/) from/p' > ignore_list

however there is a big issue in that what I want to capture is not part of ping's result set, so whatever I try fails.

I appreciate very much any thoughts and advice. Any type of coding is welcomed (shell, PHP, whatever). This needs to run as a cronjob each hour, because his domain provider is nuts. ;)

6:47 am on Jan 17, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Instead of pinging him, you probably just want to do a DNS lookup. One of these should work:

host dude.somehost.net | awk '{print $4}'

nslookup dude.somehost.net | grep '^Address' | tail -1 | awk '{print $2}'

8:36 pm on Jan 23, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Awesome! Thanks mcavic. Here's what I ended up with (chkhost.sh):

# Look up the user's current IP; add it to the ignore list if it is not there yet
TMPHOST=`host dude.somehost.net | awk '{print $4}'`
if ! grep "$TMPHOST" ignore_list
then
  host dude.somehost.net | awk '{print $4}' | cat >> ignore_list
  service portsentry restart
fi

I realized that removing the old address was absurd ... how would I remember it after it had changed? So I'm living with checking the ignore_list before I go home each day and removing any defunct entries manually.

I appreciate your help, mcavic.

[edited by: StupidScript at 8:50 pm (utc) on Jan. 23, 2009]

1:02 am on Jan 24, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

Glad to help! Removing the old address automatically would make sense, because once it changes, it's unlikely to be needed again. But if you had more than one user, you'd need more logic to remove only the expired address.
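
The "more logic" mentioned in the last reply, as an added example that is not code from any poster in the thread: it keeps one ignore-list entry per dynamic hostname, removes only that host's expired address, and rejects lookup output that is not an IPv4 address (a failed `host` lookup leaves `found:` in field 4, which would otherwise land in the ignore list). The state file, its "hostname ip" format, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: one ignore-list entry per dynamic hostname.
# Assumptions: the state file name and its format (lines of "hostname ip").
LIST=${LIST:-ignore_list}
STATE=${STATE:-ignore_list.state}

# True only for a dotted-quad IPv4 address; rejects resolver error text
# such as "found:" as well as empty or multi-line results.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }'
}

# update_ignore LIST STATE NAME NEWIP
# Returns 0 if the list or state was updated (restart portsentry),
# 1 if NAME's entry is already current, 2 if NEWIP is not a valid address.
update_ignore() {
    list=$1 state=$2 name=$3 new=$4
    is_ipv4 "$new" || return 2
    touch "$list" "$state"
    old=$(awk -v h="$name" '$1 == h { print $2 }' "$state")
    if [ "$old" = "$new" ] && grep -qxF "$new" "$list"; then return 1; fi
    # Remove the previous address only if no other tracked host still uses it.
    if [ -n "$old" ] && [ "$old" != "$new" ] &&
       ! awk -v h="$name" -v ip="$old" \
           '$1 != h && $2 == ip { f = 1 } END { exit !f }' "$state"
    then
        grep -vxF "$old" "$list" > "$list.tmp" || true
        mv "$list.tmp" "$list"
    fi
    grep -qxF "$new" "$list" || echo "$new" >> "$list"
    { awk -v h="$name" '$1 != h' "$state"; echo "$name $new"; } > "$state.tmp"
    mv "$state.tmp" "$state"
}

# Cron usage, hostnames as arguments: chkhost.sh dude.somehost.net
if [ $# -gt 0 ]; then
    changed=0
    for h in "$@"; do
        ip=$(host "$h" | awk '/has address/ { print $4; exit }')
        if update_ignore "$LIST" "$STATE" "$h" "$ip"; then changed=1; fi
    done
    if [ "$changed" -eq 1 ]; then service portsentry restart; fi
fi
```

Entries that were added to the list by hand are never removed, because only addresses recorded in the state file are treated as expired.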