feature request: ragrep
CS Lee
geek00l at gmail.com
Tue Jun 17 00:51:25 EDT 2008
Hi Carter,
The repetition works. I tried applying .{5,} and it requires a
minimum of 5 characters before the match.
Thanks for the clue. I do use repetition but haven't used it with ragrep; I
will try out the s: and d: matching.
Blame my brain damage ;]
On Tue, Jun 17, 2008 at 1:57 AM, Carter Bullard <carter at qosient.com> wrote:
> Yes, put a "s:" or a "d:" in front of the string.
>
> Carter
>
>
> On Jun 16, 2008, at 1:19 PM, Nick Diel wrote:
>
> Hey guys,
>
> Is it possible to grep only the source or the destination user data?
>
> Thanks,
> Nick
>
> On Mon, Jun 16, 2008 at 10:37 AM, Carter Bullard <carter at qosient.com>
> wrote:
>
>> Hey CS Lee,
>> So can't you specify this using regular expression anchors and
>> repetition? So you want to find "root" anywhere after 11 characters
>> from the front of the user data.
>>
>> -e "^.{11}.*root"
>>
>> The '^' anchors the search at the start of the string. The ".{11}"
>> requires that there be 11 characters of something, and then anywhere
>> after that, the regular expression will match 'root'.
>>
>> Does that do it?
>>
>> Carter
>>
>> On Jun 15, 2008, at 11:05 AM, CS Lee wrote:
>>
>> Hi Carter,
>>
>> I'm making a request about ragrep to add a search range offset. For
>> example, the matching would only apply to the first 10 bytes in user data, or
>> between 25-30 bytes in user data. With the range specification it can reduce
>> false positives to filter desired flows.
>>
>> Thanks.
>>
>> --
>> Best Regards,
>>
>> CS Lee<geek00L[at]gmail.com>
>>
>> http://geek00l.blogspot.com
>>
>>
>>
>
>
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
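
The anchor-and-repetition approach discussed in this thread, as an added example that is not part of the original messages and is not ragrep code: it builds the expression for "at least N bytes before the match" and for a fixed byte window such as the first 10 bytes or bytes 25-30. It uses Python's `re` module rather than ragrep's regex engine; the function names and the two payloads are constructed for illustration.

```python
import re

def after_offset(needle: bytes, skip: int):
    """Match `needle` only when at least `skip` bytes precede it."""
    # Same idea as -e "^.{11}.*root": '^' pins offset 0, '.{skip,}' eats the prefix.
    return re.compile(b"^.{%d,}%s" % (skip, re.escape(needle)), re.DOTALL)

def window_pattern(needle: bytes, start: int, end: int, dotall: bool = True):
    """Match `needle` only when it lies wholly inside bytes [start, end)."""
    slack = end - start - len(needle)
    if start < 0 or slack < 0:
        raise ValueError("window is too small for the needle")
    # The needle may begin anywhere from `start` to `start + slack`.
    expr = b"^.{%d,%d}%s" % (start, start + slack, re.escape(needle))
    # In Python, '.' skips newline bytes unless DOTALL is set; user data
    # often contains CRLF, so an offset count without DOTALL can never
    # cross a line break and the match silently fails.
    return re.compile(expr, re.DOTALL if dotall else 0)

# Constructed user-data samples (not captured traffic).
LOGIN_FIRST = b"USER root\r\n"                          # "root" at offset 5
LOGIN_AFTER_BANNER = b"220 service ready.\r\nUSER root\r\n"  # "root" at offset 25

def hits(pattern, data: bytes) -> bool:
    return pattern.search(data) is not None

if __name__ == "__main__":
    first10 = window_pattern(b"root", 0, 10)
    bytes25_30 = window_pattern(b"root", 25, 30)
    for name, data in (("first", LOGIN_FIRST), ("banner", LOGIN_AFTER_BANNER)):
        print(name,
              "first10:", hits(first10, data),
              "25-30:", hits(bytes25_30, data),
              "after11:", hits(after_offset(b"root", 11), data))
```

Whether `.` matches a newline byte depends on the regex engine, so the same check is worth running against the tool's own engine before relying on offset-bounded patterns.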