feature request: ragrep
Nick Diel
nick at engineerity.com
Mon Jun 16 13:19:11 EDT 2008
Hey guys,
Is is possible to grep only the source or the destination user data?
Thanks,
Nick
On Mon, Jun 16, 2008 at 10:37 AM, Carter Bullard <carter at qosient.com> wrote:
> Hey CS Lee,So can't you specify this using regular expression anchors and
> repetition? So you want to find "root" anywhere after 11 characters
> from the front of the user data.
>
> -e "^.{11}.*root"
>
> The '^' anchors the search at the start of the string. the ".{11}"
> requires
> that there be 11 characters of something, and then anywhere after that,
> the regular expression will match 'root'.
>
> Does that do it?
>
> Carter
>
> On Jun 15, 2008, at 11:05 AM, CS Lee wrote:
>
> hi carter,
>
> I'm making a request about ragrep to add the search range offset. For
> example the matching only apply to first 10 bytes in user data, or between
> 25-30 bytes in user data. With the range specification it can reduce false
> positive to filter desired flows.
>
> Thanks.
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20080616/d11adcbe/attachment.html>
More information about the argus
mailing list