0

我需要使用TCL的正则表达式从数据流中检查我的 src ip (11.1.1.1) 和 src mac addr (00:40:43:b9:32:94),如下所示:

Frame 5603: 90 bytes on wire (720 bits), 90 bytes captured (720 bits)
Ethernet II, Src: NokiaSie_b9:32:94 (00:40:43:b9:32:94), Dst: OmronTat_53:6a:5b (00:00:0a:53:6a:5b)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1
Internet Protocol Version 4, Src: 11.1.1.1 (11.1.1.1), Dst: 13.1.1.1 (13.1.1.1)
User Datagram Protocol, Src Port: 49184 (49184), Dst Port: 49152 (49152)
Data (44 bytes)
4

1 回答 1

0

干得好:

set data "
    Frame 5603: 90 bytes on wire (720 bits), 90 bytes captured (720 bits)
    Ethernet II, Src: NokiaSie_b9:32:94 (00:40:43:b9:32:94), Dst: OmronTat_53:6a:5b (00:00:0a:53:6a:5b)
    802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 1
    Internet Protocol Version 4, Src: 11.1.1.1 (11.1.1.1), Dst: 13.1.1.1 (13.1.1.1)
    User Datagram Protocol, Src Port: 49184 (49184), Dst Port: 49152 (49152)
    Data (44 bytes)
"
regexp {Src:.*?(\([^)]+\)).*?Src:.*?(\([^)]+\))} $data match mac ip
puts "mac = $mac"
puts "ip = $ip"

输出:

mac = (00:40:43:b9:32:94)
ip = (11.1.1.1)
于 2013-03-11T09:02:04.083 回答