Regular Expression - search until specific string appears

Question

I'm using ngrep and grep to extract some strings out of network traffic:

sudo ngrep -W byline | grep...

Now I want grep to search for a string and copy from first letter on until some different string appears. Strings are rtmp and .. For example:

"fwef-$*nVrtmp://Ggdggragravrv.com/lolwtf.mp5skill0rz%%&:/getr4kt..Glub"

should turn into:

"rtmp://Ggdggragravrv.com/lolwtf.mp5skill0rz%%&:/getr4kt"

Is this possible in any way?

score 1 · Accepted Answer · answered Jan 12 '15 at 18:18

1

You could try the below grep command which uses a positive lookahead based regex,

$ echo "fwef-$*nVrtmp://Ggdggragravrv.com/lolwtf.mp5skill0rz%%&:/getr4kt..Glub" | grep -oP 'rtmp.*?(?=\.\.)'
rtmp://Ggdggragravrv.com/lolwtf.mp5skill0rz%%&:/getr4kt

answered Jan 12 '15 at 18:18

Avinash Raj

172,303
28
230
274

Update your question with the exact input. – Avinash Raj Jan 12 '15 at 18:44
@RainerZufall - what do you mean ".." before rtmp ? Could it be either `.. rtmp` or `rtmp ..` or even `rtmp rtmp` or `.. ..` ? – Jan 12 '15 at 18:45
@sln OK, thanks so far. What about this one? input: "......mp3:mp3/19695c8f0fcbe45521908c3ec60f8f96554a523e?Expires=1421093669&Signature=KstuSlKVypnPEF6Ird.zT52iys5yNCGVIPV1PfMCk35ZMdBPCKmnqVdKp1QjQpT8aBp4MlBHAriQjlFCDEwq98ZiFXctlDxdADDeiAlkOu0ByOWDjlCA9zn1LEmiqHIQlmqb0FsruhaD~XaqL1G.BbuQoZ6sGZw12jsgA1YIv8JgDXafQrDcU9HL1yja~8pAAr6lsarl7q3kb97oqJhTGecBYqlqA0dcuDig0A62BQJYxqGk84xfDy6jpbtQrAu4IqLdxVZqw98b4W0oQtMP.qbtyreZ-eaVdFN0rP2MDevoIwSAJv0~O5MEiTp0yOxCF764F0PBrnuMWUPLnyhnt~QWg__&Key-Pair-Id=APKAJXKSII4ED2EOGZZA#" output: mp3/ until # but not including # – Rainer Zufall Jan 12 '15 at 20:36
@RainerZufall - `mp3/[^#]*(?=#)` – Jan 14 '15 at 20:38

score 0 · Answer 2 · 2015-01-12T18:54:28.610

0

This covers rtmp to just before ..
and .. to just before rtmp.
and rtmp to just before rtmp,
and .. to just before ..

 # (?:rtmp|\.\.)(?:(?!rtmp|\.\.).)*(?=\.\.|rtmp)

 (?: rtmp | \.\. )
 (?:
      (?! rtmp | \.\. )
      . 
 )*
 (?= \.\. | rtmp )

edited Jan 12 '15 at 18:54

answered Jan 12 '15 at 18:27

score 0 · Answer 3 · answered Jan 12 '15 at 22:13

If you don't have perl(-compatible) regular expressions available, you can do the match with ordinary egrep. However, you have to figure out the inverse of the terminating expression. For example, if a string terminates just before .., then it matches any sequence which does not contain .., which means that it matches any character which is not a period, or a period followed by a character which is not a period. That's the same as saying "an optional period followed by a non-period":

$ echo "fwef-$*nVrtmp://Ggdggragravrv.com/lolwtf.mp5skill0rz%%&:/getr4kt..Glub" |
> grep -oE 'rtmp:([.]?[^.])*'
rtmp://Ggdggragravrv.com/lolwtf.mp5skill0rz%%&:/getr4kt

If the terminating string is a single character, that's even easier: just match anything other than the terminator. For example, to match a string up to but not including a ?:

$ echo "......mp3:mp3/19695c8f0fcbe45521908c3ec60f8f96554a523e?Expires=1421093669&..." |
> grep -oE 'mp3/[^?]*'
mp3/19695c8f0fcbe45521908c3ec60f8f96554a523e

Regular Expression - search until specific string appears

3 Answers3