如何使用grep打印出唯一匹配项的计数? [英] How do I print out the count of unique matches with grep?

问题描述

让我们说我有数百万个数据包可以浏览，并且我想查看一个数据包被发送到某个端口号的次数.

Lets say I have millions of packets to look through and I want to see how many times a packet was sent to a certain port number.

以下是一些数据包:

10:27:46.227407 IP 85.130.236.26.54156 > 139.91.133.120.60679: tcp 0
10:27:46.337038 IP 211.142.173.14.80 > 139.91.138.125.56163: tcp 0
10:27:46.511241 IP 211.49.224.217.3389 > 139.91.131.47.6973: tcp 0

我想在这里浏览第二个端口号，

I want to look through the 2nd port number here so:

60679、53163、6973等

60679, 53163, 6973, etc

所以我可以使用:

grep -c '\.80:' output.txt

计算使用端口80的所有时间.但是有没有一种方法可以显示所有已使用的端口以及在此文件中找到该端口的次数.这样的东西，最好也进行排序，这样我就可以看到最常使用的端口:

To count all the times port 80 was used. But is there a way for it to display all the ports that were used and how many times it was found in this file. Something like this and preferable sorted too so I can see which ports were used most often:

.80: - 54513
.110: - 12334
.445: - 412

推荐答案

请参见 uniq -c .您需要拉出所需的位，对结果进行排序，通过uniq传递管道，对输出进行排序.可能是这样的:

See uniq -c. You'll want to pull out the bit you want, sort the result, pipe thru uniq, sort the output. Something like this maybe:

egrep '\.[0-9]+:' output.txt | sort | uniq -c | sort -nr

说明:我在这里使用了grep，因为尚不清楚您的output.txt格式是什么样，但是您可能想通过cut或awk切出端口号位.

Clarification: I've used grep here because it's not clear what your output.txt format looks like, but you'll want to actually cut out the port number bit, perhaps via cut or awk.

要获取端口，您可以在句号上剪切一次，然后在冒号上再次剪切:

To get the port, you can cut once on a period and then again on a colon:

cut -d. -f10 < output.txt | cut -d: -f1

(或完成相同操作的其他十二种方法中的任何一种.)这将为您提供未排序的端口列表.然后:

(Or any one of a dozen other ways to accomplish the same thing.) That will give you an unsorted list of ports. Then:

cut -d. -f10 < output.txt | cut -d: -f1 | sort | uniq -c | sort -nr

这篇关于如何使用grep打印出唯一匹配项的计数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！