So I faced an issue with complex matching that I'm trying to perform over tcpdump output.
From an output line that I receive, I want to get only two regex matched pattern values, but the issue is that they are not answering the same regex pattern.
When I'm writing the whole output to a file and then grepping, sometimes some of the values are missed and that's why I want to get my values on the fly.
The command that I'm performing is:
tcpdump -U -n -i eth2 -v -e -s 1500 '((port 67 or port 68) and (udp[247:4] = 0x63350101))'
My two regex:
1) grep -Eo '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2} >' | awk '{print$1}'
2) grep -Eo 'Request from ([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' | awk '{print$3}'
The example output :
14:29:16.832592 00:00:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 303: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 289) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 11:11:11:11:11:11, length 261, xid 0x4eb03662, Flags [Broadcast]
My needed output (append to a file) : 00:00:00:00:00:00, 11:11:11:11:11:11
Thanks!
sed.
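One way to extract both values in a single pass, as an added example that is not part of the original post: an awk filter that remembers the Ethernet source MAC from the link-level header and emits it together with the "Request from" MAC, flushing after every pair. The function names `extract_macs` and `sample_capture` are hypothetical, the second sample record is constructed, and the filter assumes that `-v` output may wrap the DHCP summary onto a continuation line.

```shell
#!/bin/sh
# Added example: pair the Ethernet source MAC with the DHCP "Request from"
# MAC in `tcpdump -e -v` text, one "src, client" line per request.

extract_macs() {
    awk '
    # True when s is six colon-separated groups of 1-2 hex digits.
    function is_mac(s,    p, n, k) {
        n = split(s, p, ":")
        if (n != 6) return 0
        for (k = 1; k <= n; k++)
            if (p[k] !~ /^[0-9A-Fa-f][0-9A-Fa-f]?$/) return 0
        return 1
    }
    {
        for (i = 1; i <= NF; i++) {
            # Link-level header: "<src mac> > <dst mac>,"
            if ($(i + 1) == ">" && is_mac($i)) src = $i
            # DHCP summary: "Request from <client mac>,"
            if ($i == "Request" && $(i + 1) == "from") {
                client = $(i + 2)
                sub(/,$/, "", client)
                if (src != "" && is_mac(client)) {
                    print src ", " client
                    fflush()   # write each pair now, even when stdout is a file
                }
                src = ""       # the next packet must supply its own header
            }
        }
    }'
}

# Constructed sample input: the line from the post, plus a constructed record
# whose DHCP summary sits on an indented continuation line.
sample_capture() {
    cat <<'EOF'
14:29:16.832592 00:00:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 303: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 289) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 11:11:11:11:11:11, length 261, xid 0x4eb03662, Flags [Broadcast]
14:29:17.000001 22:22:22:22:22:22 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 303: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 289)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 33:33:33:33:33:33, length 261, xid 0x4eb03663, Flags [Broadcast]
EOF
}

sample_capture | extract_macs
```

To use it live, pipe the tcpdump command from the post into `extract_macs >> file`.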