feature request: ragrep

Carter Bullard carter at qosient.com
Mon Jun 16 13:57:19 EDT 2008


Yes, put a "s:" or a "d:" in front of the string.
Carter

On Jun 16, 2008, at 1:19 PM, Nick Diel wrote:

> Hey guys,
>
> Is is possible to grep only the source or the destination user data?
>
> Thanks,
> Nick
>
> On Mon, Jun 16, 2008 at 10:37 AM, Carter Bullard  
> <carter at qosient.com> wrote:
> Hey CS Lee,
> So can't you specify  this using regular expression anchors and
> repetition?  So you want to find "root" anywhere after 11 characters
> from the front of the user data.
>
>    -e "^.{11}.*root"
>
> The '^' anchors the search at the start of the string.  the ".{11}"  
> requires
> that there be 11 characters of something, and then anywhere after  
> that,
> the regular expression will match 'root'.
>
> Does that do it?
>
> Carter
>
> On Jun 15, 2008, at 11:05 AM, CS Lee wrote:
>
>> hi carter,
>>
>> I'm making a request about ragrep to add the search range offset.  
>> For example the matching only apply to first 10 bytes in user data,  
>> or between 25-30 bytes in user data. With the range specification  
>> it can reduce false positive to filter desired flows.
>>
>> Thanks.
>>
>> -- 
>> Best Regards,
>>
>> CS Lee<geek00L[at]gmail.com>
>>
>> http://geek00l.blogspot.com
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20080616/d889e1d7/attachment.html>


More information about the argus mailing list