* + 192.168.99.199 salamander.acme.com
|___ 135 DCE endpoint resolution
|___ 139 NETBIOS Session Service
|___ 1031 BBN IAD
|___ 5800 Virtual Network Computing server
|___ 5900 Virtual Network Computing server
|___ RFB 003.003.
* + 192.168.99.131 AMSPWD099WKG
|___ 135 DCE endpoint resolution
|___ 139 NETBIOS Session Service
|___ 445 Microsoft-DS
|___ 1027 ICQ?
|___ 1099 BBN IAD
* + 192.168.99.133 VLW4S
|___ 139 NETBIOS Session Service
* + 192.168.99.136 WKBX0010B-A
|___ 80 World Wide Web HTTP
|___ HTTP/1.1 200 OK..Server: Microsoft-IIS/5.0..Date: Thu, 14 Mar 2002 14:37:54 GMT..Connection: Keep-Alive..Content-Length:
1270..
|___ 135 DCE endpoint resolution
|___ 139 NETBIOS Session Service
|___ 443 https MCom
|___ 445 Microsoft-DS
|___ 1058 nim
|___ 1059 nimreg
|___ 1433 Microsoft-SQL-Server
|___ 5003 Claris FileMaker Pro
####
#!/usr/bin/perl -w
use strict;
my $infile = './portscan2.txt';
my ($ip, @fields, @cname, @ports, @banners);
my @field_names = qw(cname port banner);
my %data;
# Change the input record separator
local $/ = "* +";
open INFILE, "$infile" or die "Can't open $infile: $!\n";
while (){
next unless /\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b/;
$ip = $1;
push (@cname, $1) if /\b$ip\b\s{2,}(\w[^\s]*|\[Unknown\])\s{2}/;
push (@ports, $1) if /((\d{1,5}?)\s{2}(\w[^\n]*))\s{2}/;
push (@banners, $1) if /\Q|___\E\s+([^"]*)\.{1,3}\s+\n/;
my $fields = [@cname, @ports, @banners];
@{$data{$ip}}{@field_names} = [$fields];
}
foreach my $ip (keys %data) {
print "IP = $ip, Computer Name = $data{$ip}{cname}->[0][0]\n";
}
close INFILE;
####
IP = 192.168.99.136, Computer Name = salamander.acme.com
IP = 192.168.99.199, Computer Name = salamander.acme.com
IP = 192.168.99.131, Computer Name = salamander.acme.com
IP = 192.168.99.133, Computer Name = salamander.acme.com