I posted a command I found a while back to strip off the port number from the IP address in tcpdump-style notation, as in 192.168.11.1.23. I was going through my notes and found a quicker way (I believe this was posted as a reply to a Handlers article on the Internet Storm Center.)
The first command was: sed 's/.[^.]*$//' and though it works, of course, it's not real easy to remember on the fly (though we love regex... how much easier our jobs are because of it).
The simpler way is to use the cut command, like this: cut -d. -f1,2,3,4
This simply displays the first four fields delimited by a period, so it drops the last one (the port number). As Lola of Nick Jr. and book fame says, "Easy peasy lemon squeezie!"
Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.