python3 arp-scan and mac parsing
up vote
0
down vote
favorite
I'm trying to parse the mac addresses from arp-scan output.
There's an example:
import re
from subprocess import Popen, PIPE
def get_active_hosts():
with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
return mac_list
print(get_active_hosts())
But I got this output:
[('4a:c3:26:0e:85:d0', '85:', '0')]
What's going on ? How to capture only mac addresses without this trash:
[('85:', '0')]
Thanks for advice.
python python-3.x mac-address arp
asked Nov 22 at 13:56
Cristina
6
add a comment |
up vote
0
down vote
favorite
I'm trying to parse the mac addresses from arp-scan output.
There's an example:
import re
from subprocess import Popen, PIPE
def get_active_hosts():
with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
return mac_list
print(get_active_hosts())
But I got this output:
[('4a:c3:26:0e:85:d0', '85:', '0')]
What's going on ? How to capture only mac addresses without this trash:
[('85:', '0')]
Thanks for advice.
python python-3.x mac-address arp
asked Nov 22 at 13:56
Cristina
6
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to parse the mac addresses from arp-scan output.
There's an example:
import re
from subprocess import Popen, PIPE
def get_active_hosts():
with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
return mac_list
print(get_active_hosts())
But I got this output:
[('4a:c3:26:0e:85:d0', '85:', '0')]
What's going on ? How to capture only mac addresses without this trash:
[('85:', '0')]
Thanks for advice.
python python-3.x mac-address arp
asked Nov 22 at 13:56
Cristina
6
I'm trying to parse the mac addresses from arp-scan output.
There's an example:
import re
from subprocess import Popen, PIPE
def get_active_hosts():
with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
return mac_list
print(get_active_hosts())
But I got this output:
[('4a:c3:26:0e:85:d0', '85:', '0')]
What's going on ? How to capture only mac addresses without this trash:
[('85:', '0')]
Thanks for advice.
python python-3.x mac-address arp
python python-3.x mac-address arp
asked Nov 22 at 13:56
Cristina
6
asked Nov 22 at 13:56
Cristina
6
edited Nov 22 at 14:35
asked Nov 22 at 13:56
Cristina
6
asked Nov 22 at 13:56
Cristina
6
asked Nov 22 at 13:56
Cristina
6
6
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
up vote
0
down vote
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 at 15:01
Rob Bricheno
2,280118
add a comment |
up vote
0
down vote
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 at 15:15
chinarulezzz
1
add a comment |
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 at 15:01
Rob Bricheno
2,280118
add a comment |
up vote
0
down vote
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 at 15:01
Rob Bricheno
2,280118
add a comment |
up vote
0
down vote
up vote
0
down vote
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 at 15:01
Rob Bricheno
2,280118
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 at 15:01
Rob Bricheno
2,280118
answered Nov 22 at 15:01
Rob Bricheno
2,280118
answered Nov 22 at 15:01
Rob Bricheno
2,280118
answered Nov 22 at 15:01
Rob Bricheno
2,280118
2,280118
add a comment |
add a comment |
up vote
0
down vote
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 at 15:15
chinarulezzz
1
add a comment |
up vote
0
down vote
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 at 15:15
chinarulezzz
1
add a comment |
up vote
0
down vote
up vote
0
down vote
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 at 15:15
chinarulezzz
1
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 at 15:15
chinarulezzz
1
answered Nov 22 at 15:15
chinarulezzz
1
answered Nov 22 at 15:15
chinarulezzz
1
answered Nov 22 at 15:15
chinarulezzz
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53432564%2fpython3-arp-scan-and-mac-parsing%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
