python3 arp-scan and mac parsing











up vote
0
down vote

favorite












I'm trying to parse the mac addresses from arp-scan output.
There's an example:



import re
from subprocess import Popen, PIPE

def get_active_hosts():
with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
return mac_list
print(get_active_hosts())


But I got this output:



[('4a:c3:26:0e:85:d0', '85:', '0')]


What's going on ? How to capture only mac addresses without this trash:



[('85:', '0')]



Thanks for advice.










share|improve this question




























    up vote
    0
    down vote

    favorite












    I'm trying to parse the mac addresses from arp-scan output.
    There's an example:



    import re
    from subprocess import Popen, PIPE

    def get_active_hosts():
    with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
    mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
    mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
    return mac_list
    print(get_active_hosts())


    But I got this output:



    [('4a:c3:26:0e:85:d0', '85:', '0')]


    What's going on ? How to capture only mac addresses without this trash:



    [('85:', '0')]



    Thanks for advice.










    share|improve this question


























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I'm trying to parse the mac addresses from arp-scan output.
      There's an example:



      import re
      from subprocess import Popen, PIPE

      def get_active_hosts():
      with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
      mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
      mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
      return mac_list
      print(get_active_hosts())


      But I got this output:



      [('4a:c3:26:0e:85:d0', '85:', '0')]


      What's going on ? How to capture only mac addresses without this trash:



      [('85:', '0')]



      Thanks for advice.










      share|improve this question















      I'm trying to parse the mac addresses from arp-scan output.
      There's an example:



      import re
      from subprocess import Popen, PIPE

      def get_active_hosts():
      with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
      mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
      mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
      return mac_list
      print(get_active_hosts())


      But I got this output:



      [('4a:c3:26:0e:85:d0', '85:', '0')]


      What's going on ? How to capture only mac addresses without this trash:



      [('85:', '0')]



      Thanks for advice.







      python python-3.x mac-address arp






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 22 at 14:35

























      asked Nov 22 at 13:56









      Cristina

      6




      6
























          2 Answers
          2






          active

          oldest

          votes

















          up vote
          0
          down vote













          findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:



          (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
          ([0-9A-Fa-f]{2}:)
          ([0-9A-Fa-f])


          So now hopefully you understand why findall gives you three matches, and why they look like they do.



          The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:



          mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')





          share|improve this answer




























            up vote
            0
            down vote













            Let's look at the documentation on the findall method:




            re.findall(pattern, string, flags=0)



            Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
            returned in the order found. If one or more groups are present in the
            pattern, return a list of groups; this will be a list of tuples if the
            pattern has more than one group.
            Empty matches are included in the
            result.



            Changed in version 3.7: Non-empty matches can now start just after a previous empty match.




            Pay attention to the bold text. You have more than one groups in the pattern:




            • (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'

            • ([0-9A-Fa-f]{2}:) => '85:'

            • ([0-9A-Fa-f]) => '0'


            And as documentation said you get a list of tuple with captured groups.



            To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:




            (?:...)
            A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
            matched by the group cannot be retrieved after performing a match or
            referenced later in the pattern.




            So, fix all non-main parenthesis (which not capture the entire mac address).






            share|improve this answer





















              Your Answer






              StackExchange.ifUsing("editor", function () {
              StackExchange.using("externalEditor", function () {
              StackExchange.using("snippets", function () {
              StackExchange.snippets.init();
              });
              });
              }, "code-snippets");

              StackExchange.ready(function() {
              var channelOptions = {
              tags: "".split(" "),
              id: "1"
              };
              initTagRenderer("".split(" "), "".split(" "), channelOptions);

              StackExchange.using("externalEditor", function() {
              // Have to fire editor after snippets, if snippets enabled
              if (StackExchange.settings.snippets.snippetsEnabled) {
              StackExchange.using("snippets", function() {
              createEditor();
              });
              }
              else {
              createEditor();
              }
              });

              function createEditor() {
              StackExchange.prepareEditor({
              heartbeatType: 'answer',
              convertImagesToLinks: true,
              noModals: true,
              showLowRepImageUploadWarning: true,
              reputationToPostImages: 10,
              bindNavPrevention: true,
              postfix: "",
              imageUploader: {
              brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
              contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
              allowUrls: true
              },
              onDemand: true,
              discardSelector: ".discard-answer"
              ,immediatelyShowMarkdownHelp:true
              });


              }
              });














              draft saved

              draft discarded


















              StackExchange.ready(
              function () {
              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53432564%2fpython3-arp-scan-and-mac-parsing%23new-answer', 'question_page');
              }
              );

              Post as a guest















              Required, but never shown

























              2 Answers
              2






              active

              oldest

              votes








              2 Answers
              2






              active

              oldest

              votes









              active

              oldest

              votes






              active

              oldest

              votes








              up vote
              0
              down vote













              findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:



              (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
              ([0-9A-Fa-f]{2}:)
              ([0-9A-Fa-f])


              So now hopefully you understand why findall gives you three matches, and why they look like they do.



              The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:



              mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')





              share|improve this answer

























                up vote
                0
                down vote













                findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:



                (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
                ([0-9A-Fa-f]{2}:)
                ([0-9A-Fa-f])


                So now hopefully you understand why findall gives you three matches, and why they look like they do.



                The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:



                mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')





                share|improve this answer























                  up vote
                  0
                  down vote










                  up vote
                  0
                  down vote









                  findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:



                  (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
                  ([0-9A-Fa-f]{2}:)
                  ([0-9A-Fa-f])


                  So now hopefully you understand why findall gives you three matches, and why they look like they do.



                  The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:



                  mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')





                  share|improve this answer












                  findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:



                  (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
                  ([0-9A-Fa-f]{2}:)
                  ([0-9A-Fa-f])


                  So now hopefully you understand why findall gives you three matches, and why they look like they do.



                  The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:



                  mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Nov 22 at 15:01









                  Rob Bricheno

                  2,280118




                  2,280118
























                      up vote
                      0
                      down vote













                      Let's look at the documentation on the findall method:




                      re.findall(pattern, string, flags=0)



                      Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
                      returned in the order found. If one or more groups are present in the
                      pattern, return a list of groups; this will be a list of tuples if the
                      pattern has more than one group.
                      Empty matches are included in the
                      result.



                      Changed in version 3.7: Non-empty matches can now start just after a previous empty match.




                      Pay attention to the bold text. You have more than one groups in the pattern:




                      • (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'

                      • ([0-9A-Fa-f]{2}:) => '85:'

                      • ([0-9A-Fa-f]) => '0'


                      And as documentation said you get a list of tuple with captured groups.



                      To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:




                      (?:...)
                      A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
                      matched by the group cannot be retrieved after performing a match or
                      referenced later in the pattern.




                      So, fix all non-main parenthesis (which not capture the entire mac address).






                      share|improve this answer

























                        up vote
                        0
                        down vote













                        Let's look at the documentation on the findall method:




                        re.findall(pattern, string, flags=0)



                        Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
                        returned in the order found. If one or more groups are present in the
                        pattern, return a list of groups; this will be a list of tuples if the
                        pattern has more than one group.
                        Empty matches are included in the
                        result.



                        Changed in version 3.7: Non-empty matches can now start just after a previous empty match.




                        Pay attention to the bold text. You have more than one groups in the pattern:




                        • (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'

                        • ([0-9A-Fa-f]{2}:) => '85:'

                        • ([0-9A-Fa-f]) => '0'


                        And as documentation said you get a list of tuple with captured groups.



                        To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:




                        (?:...)
                        A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
                        matched by the group cannot be retrieved after performing a match or
                        referenced later in the pattern.




                        So, fix all non-main parenthesis (which not capture the entire mac address).






                        share|improve this answer























                          up vote
                          0
                          down vote










                          up vote
                          0
                          down vote









                          Let's look at the documentation on the findall method:




                          re.findall(pattern, string, flags=0)



                          Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
                          returned in the order found. If one or more groups are present in the
                          pattern, return a list of groups; this will be a list of tuples if the
                          pattern has more than one group.
                          Empty matches are included in the
                          result.



                          Changed in version 3.7: Non-empty matches can now start just after a previous empty match.




                          Pay attention to the bold text. You have more than one groups in the pattern:




                          • (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'

                          • ([0-9A-Fa-f]{2}:) => '85:'

                          • ([0-9A-Fa-f]) => '0'


                          And as documentation said you get a list of tuple with captured groups.



                          To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:




                          (?:...)
                          A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
                          matched by the group cannot be retrieved after performing a match or
                          referenced later in the pattern.




                          So, fix all non-main parenthesis (which not capture the entire mac address).






                          share|improve this answer












                          Let's look at the documentation on the findall method:




                          re.findall(pattern, string, flags=0)



                          Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
                          returned in the order found. If one or more groups are present in the
                          pattern, return a list of groups; this will be a list of tuples if the
                          pattern has more than one group.
                          Empty matches are included in the
                          result.



                          Changed in version 3.7: Non-empty matches can now start just after a previous empty match.




                          Pay attention to the bold text. You have more than one groups in the pattern:




                          • (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'

                          • ([0-9A-Fa-f]{2}:) => '85:'

                          • ([0-9A-Fa-f]) => '0'


                          And as documentation said you get a list of tuple with captured groups.



                          To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:




                          (?:...)
                          A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
                          matched by the group cannot be retrieved after performing a match or
                          referenced later in the pattern.




                          So, fix all non-main parenthesis (which not capture the entire mac address).







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Nov 22 at 15:15









                          chinarulezzz

                          1




                          1






























                              draft saved

                              draft discarded




















































                              Thanks for contributing an answer to Stack Overflow!


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.





                              Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                              Please pay close attention to the following guidance:


                              • Please be sure to answer the question. Provide details and share your research!

                              But avoid



                              • Asking for help, clarification, or responding to other answers.

                              • Making statements based on opinion; back them up with references or personal experience.


                              To learn more, see our tips on writing great answers.




                              draft saved


                              draft discarded














                              StackExchange.ready(
                              function () {
                              StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53432564%2fpython3-arp-scan-and-mac-parsing%23new-answer', 'question_page');
                              }
                              );

                              Post as a guest















                              Required, but never shown





















































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown

































                              Required, but never shown














                              Required, but never shown












                              Required, but never shown







                              Required, but never shown







                              Popular posts from this blog

                              What visual should I use to simply compare current year value vs last year in Power BI desktop

                              How to ignore python UserWarning in pytest?

                              Alexandru Averescu