
Tshark custom grep

So my command is:

tshark -Y 'wlan.fc.type_subtype==0x04'

So my output is:

21401 205.735966 Apple_90:ea:8e -> Broadcast    802.11 155 Probe Request, SN=3667, FN=0, Flags=........C, SSID=Broadcast

How can I get Apple_90:ea:8e + SSID=Broadcast and what's the logic behind the grep? Is it possible with grep?

Considering that: Apple_90:ea:8e and Broadcast will always change!

Answer

$ var='21401 205.735966 Apple_90:ea:8e -> Broadcast    802.11 155 Probe Request, SN=3667, FN=0, Flags=........C, SSID=Broadcast'
$ grep -oP '\S+(?= ->)|SSID=\S+' <<< "$var"
Apple_90:ea:8e
SSID=Broadcast

The grep option -o says “only return what was matched, not the whole line” and -P is to use the Perl regex engine (because we use look-arounds). The regex is

\S+       # One or more non-spaces
(?= ->)   # followed by " ->"
|         # or...
SSID=\S+  # "SSID=" and one or more non-spaces
User contributions licensed under: CC BY-SA
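An added example, not part of the original question or answer: `SSID=\S+` stops at the first space, so an SSID such as "Coffee Shop Guest" is cut short, and `grep -o` prints the source and the SSID on separate lines. The awk filter below pairs them on one line and keeps the whole SSID. It assumes the summary format shown in the question (a " -> " field after the source, `SSID=` as the last item on the line); the function names `extract_probe` and `sample_lines` and the second and third sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash

# Read tshark one-line summaries on stdin and print "<source> SSID=<ssid>"
# for every line that has both a "->" field and an SSID= item.
extract_probe() {
  awk '
    {
      src = ""
      # The source is the field immediately before the "->" field.
      for (i = 2; i <= NF; i++) {
        if ($i == "->") { src = $(i - 1); break }
      }
      # Take everything from the first "SSID=" to the end of the line,
      # so SSIDs that contain spaces are kept whole.
      p = index($0, "SSID=")
      if (src != "" && p > 0) print src, substr($0, p)
    }'
}

# Sample input: line 1 is the line from the question, lines 2-3 are constructed.
sample_lines() {
  cat <<'EOF'
21401 205.735966 Apple_90:ea:8e -> Broadcast    802.11 155 Probe Request, SN=3667, FN=0, Flags=........C, SSID=Broadcast
21402 205.801112 Example_12:34:56 -> Broadcast    802.11 160 Probe Request, SN=12, FN=0, Flags=........C, SSID=Coffee Shop Guest
21403 205.900001 Example_aa:bb:cc -> Example_12:34:56 802.11 40 Acknowledgement, Flags=........C
EOF
}

sample_lines | extract_probe
```

With a live capture the same filter goes on the end of the command from the question: `tshark -Y 'wlan.fc.type_subtype==0x04' | extract_probe`.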