Tshark 自定义 grep
Tshark custom grep
所以我的命令是:
tshark -Y 'wlan.fc.type_subtype==0x04'
所以我的输出是:
21401 205.735966 Apple_90:ea:8e -> Broadcast 802.11 155 Probe Request, SN=3667, FN=0, Flags=........C, SSID=Broadcast
如何获得 Apple_90:ea:8e + SSID=Broadcast 以及 grep 背后的逻辑是什么? grep 可以吗?
考虑到:Apple_90:ea:8e 和广播将永远改变!
$ var='21401 205.735966 Apple_90:ea:8e -> Broadcast 802.11 155 Probe Request, SN=3667, FN=0, Flags=........C, SSID=Broadcast'
$ grep -oP '\S+(?= ->)|SSID=\S+' <<< "$var"
Apple_90:ea:8e
SSID=Broadcast
grep 选项 -o 说 "only return what was matched, not the whole line" 和 -P 是使用 Perl 正则表达式引擎(因为我们使用环视)。正则表达式是
\S+ # One or more non-spaces
(?= ->) # followed by " ->"
| # or...
SSID=\S+ # "SSID=" and one or more non-spaces
所以我的命令是:
tshark -Y 'wlan.fc.type_subtype==0x04'
所以我的输出是:
21401 205.735966 Apple_90:ea:8e -> Broadcast 802.11 155 Probe Request, SN=3667, FN=0, Flags=........C, SSID=Broadcast
如何获得 Apple_90:ea:8e + SSID=Broadcast 以及 grep 背后的逻辑是什么? grep 可以吗?
考虑到:Apple_90:ea:8e 和广播将永远改变!
$ var='21401 205.735966 Apple_90:ea:8e -> Broadcast 802.11 155 Probe Request, SN=3667, FN=0, Flags=........C, SSID=Broadcast'
$ grep -oP '\S+(?= ->)|SSID=\S+' <<< "$var"
Apple_90:ea:8e
SSID=Broadcast
grep 选项 -o 说 "only return what was matched, not the whole line" 和 -P 是使用 Perl 正则表达式引擎(因为我们使用环视)。正则表达式是
\S+ # One or more non-spaces
(?= ->) # followed by " ->"
| # or...
SSID=\S+ # "SSID=" and one or more non-spaces