0

## 關於python_regular_expression的問題

import re

str1 = """TCP source 12.168.189.167:32806 destination 1.78.5.128:65247, idle 0:00:00, bytes 74, flags UIO
TCP source 192.168.189.167:80 destination 137.78.5.128:65233, idle 0:00:03, bytes 334516, flags UIO """
print(str1)
list1 = str1.split('\n')
for x in list1:
result = re.match(
".(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(\d{1,5}).(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(\d{1,5}).bytes\s+("
"\d+).flags\s+(\w)\s
", x).groups()
print(result)

('2.168.189.167', '32806', '1.78.5.128', '65247', '74', 'UIO')
('2.168.189.167', '80', '7.78.5.128', '65233', '334516', 'UIO')

(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9])

### 5 個回答

1

iT邦大神 1 級 ‧ 2021-02-23 19:49:30

Regular Expression只要差一個char就會錯

``````import re

str1 = """TCP source 12.168.189.167:32806 destination 1.78.5.128:65247, idle 0:00:00, bytes 74, flags UIO
TCP source 192.168.189.167:80 destination 137.78.5.128:65233, idle 0:00:03, bytes 334516, flags UIO """
print(str1)
list1 = str1.split('\n')
for x in list1:
result = re.match(
".(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(\d{1,5}).(\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}):(\d{1,5}).bytes\s+("
"\d+).flags\s+(\w)\s", x).groups()
print(result)
``````

dgullou iT邦新手 5 級 ‧ 2021-02-23 19:53:39 檢舉

`.*`改成`destination`試試看

``````(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}) destination (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}).+bytes (\d+).+flags (\w+)
``````
1
froce
iT邦大師 1 級 ‧ 2021-02-23 22:02:58
``````import re
str1 = """TCP source 12.168.189.167:32806 destination 1.78.5.128:65247, idle 0:00:00, bytes 74, flags UIO
TCP source 192.168.189.167:80 destination 137.78.5.128:65233, idle 0:00:03, bytes 334516, flags UIO """

print(re.findall("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}).+bytes (\d+).+flags (\w+)", str1))
``````

match是從字串開始去找模式，而且只傳回一個，你有辦法找到才有鬼。

dgullou iT邦新手 5 級 ‧ 2021-02-24 09:44:39 檢舉

('2.168.189.167', '80', '7.78.5.128', '65233', '334516', 'UIO')

``````print(re.findall("(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}).*(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}).+bytes (\d+).+flags (\w+)", str1))
``````

froce iT邦大師 1 級 ‧ 2021-02-24 10:09:59 檢舉
``````.+source (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}) destination (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d{1,5}).+bytes (\d+).+flags (\w+)
``````

dgullou iT邦新手 5 級 ‧ 2021-02-24 10:21:25 檢舉

``````import re

str1 = """TCP source 12.168.189.167:32806 destination  1.78.5.128:65247, idle 0:00:00, bytes 74, flags UIO
TCP source 192.168.189.167:80 destination  137.78.5.128:65233, idle 0:00:03, bytes 334516, flags UIO """
print(str1)
list1 = str1.split('\n')
dict1 = {}
for x in list1:
result = re.match(
"(.*\s\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d{1,5}).*\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}):(\d{1,5}).*bytes\s+("
"\d+).*flags\s+(\w*)\s*", x).groups()
print(result)
``````
1
japhenchen
iT邦超人 1 級 ‧ 2021-02-24 10:29:07

regularExpress裡的 . 是任意字元的意思，跟ip位址裡的小數點是不同意思，你的

``````\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}
``````

"1234567" 也能通過測試

``````(\d+)\.(\d+)\.(\d+)\.(\d+)
``````

https://regex101.com/r/nKTnq6/2/

froce iT邦大師 1 級 ‧ 2021-02-24 11:11:16 檢舉

(\d+)9999也能過，所以我個人是不太建議啦...

0

iT邦新手 5 級 ‧ 2021-02-24 14:02:38

``````(?<=source\s)(.*):(.*)\sd
``````

https://regex101.com/r/DPGHwn/2

0
nwm310
iT邦新手 4 級 ‧ 2021-02-24 21:44:28

``````>>> import re
>>> s = "source 192"
>>> re.match(".*(\d{1,3})",s).groups()
('2',)
>>> re.match(".*(\d{2,3})",s).groups()
('92',)
>>> re.match(".*(\d{3})",s).groups()
('192',)
>>> re.match("\D*(\d{1,3})",s).groups()
('192',)
``````