python3 arp-scan and mac parsing
I'm trying to parse the mac addresses from arp-scan output.
There's an example:
import re
from subprocess import Popen, PIPE
def get_active_hosts():
with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
return mac_list
print(get_active_hosts())
But I got this output:
[('4a:c3:26:0e:85:d0', '85:', '0')]
What's going on ? How to capture only mac addresses without this trash:
[('85:', '0')]
Thanks for advice.
python python-3.x mac-address arp
asked Nov 22 '18 at 13:56
CristinaCristina
6
add a comment |
I'm trying to parse the mac addresses from arp-scan output.
There's an example:
import re
from subprocess import Popen, PIPE
def get_active_hosts():
with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
return mac_list
print(get_active_hosts())
But I got this output:
[('4a:c3:26:0e:85:d0', '85:', '0')]
What's going on ? How to capture only mac addresses without this trash:
[('85:', '0')]
Thanks for advice.
python python-3.x mac-address arp
asked Nov 22 '18 at 13:56
CristinaCristina
6
add a comment |
I'm trying to parse the mac addresses from arp-scan output.
There's an example:
import re
from subprocess import Popen, PIPE
def get_active_hosts():
with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
return mac_list
print(get_active_hosts())
But I got this output:
[('4a:c3:26:0e:85:d0', '85:', '0')]
What's going on ? How to capture only mac addresses without this trash:
[('85:', '0')]
Thanks for advice.
python python-3.x mac-address arp
asked Nov 22 '18 at 13:56
CristinaCristina
6
I'm trying to parse the mac addresses from arp-scan output.
There's an example:
import re
from subprocess import Popen, PIPE
def get_active_hosts():
with Popen(['sudo', 'arp-scan', '-l', '-r', '5'], stdout = PIPE) as proc:
mac_list = re.compile('s+(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})s+')
mac_list = mac_list.findall(proc.stdout.read().decode('utf-8'))
return mac_list
print(get_active_hosts())
But I got this output:
[('4a:c3:26:0e:85:d0', '85:', '0')]
What's going on ? How to capture only mac addresses without this trash:
[('85:', '0')]
Thanks for advice.
python python-3.x mac-address arp
python python-3.x mac-address arp
asked Nov 22 '18 at 13:56
CristinaCristina
6
asked Nov 22 '18 at 13:56
CristinaCristina
6
edited Nov 22 '18 at 14:35
Cristina
asked Nov 22 '18 at 13:56
CristinaCristina
6
asked Nov 22 '18 at 13:56
CristinaCristina
6
asked Nov 22 '18 at 13:56
CristinaCristina
6
6
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 '18 at 15:01
Rob BrichenoRob Bricheno
2,325218
add a comment |
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 '18 at 15:15
chinarulezzzchinarulezzz
1
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53432564%2fpython3-arp-scan-and-mac-parsing%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 '18 at 15:01
Rob BrichenoRob Bricheno
2,325218
add a comment |
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 '18 at 15:01
Rob BrichenoRob Bricheno
2,325218
add a comment |
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 '18 at 15:01
Rob BrichenoRob Bricheno
2,325218
findall is returning all of the matching groups that it found. Groups are declared using a set of parentheses. Your regular expression contains three groups as follows:
(([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]){2})
([0-9A-Fa-f]{2}:)
([0-9A-Fa-f])
So now hopefully you understand why findall gives you three matches, and why they look like they do.
The solution here is to declare these extra groups (the ones you don't want) to be non-capturing by putting ?: after the opening parenthesis as follows:
mac_list = re.compile('s+((?:[0-9A-Fa-f]{2}:){5}(?:[0-9A-Fa-f]){2})s+')
answered Nov 22 '18 at 15:01
Rob BrichenoRob Bricheno
2,325218
answered Nov 22 '18 at 15:01
Rob BrichenoRob Bricheno
2,325218
answered Nov 22 '18 at 15:01
Rob BrichenoRob Bricheno
2,325218
answered Nov 22 '18 at 15:01
Rob BrichenoRob Bricheno
2,325218
2,325218
add a comment |
add a comment |
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 '18 at 15:15
chinarulezzzchinarulezzz
1
add a comment |
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 '18 at 15:15
chinarulezzzchinarulezzz
1
add a comment |
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 '18 at 15:15
chinarulezzzchinarulezzz
1
Let's look at the documentation on the findall method:
re.findall(pattern, string, flags=0)
Return all non-overlapping matches of pattern in string, as a list of strings. The string is scanned left-to-right, and matches are
returned in the order found. If one or more groups are present in the
pattern, return a list of groups; this will be a list of tuples if the
pattern has more than one group. Empty matches are included in the
result.
Changed in version 3.7: Non-empty matches can now start just after a previous empty match.
Pay attention to the bold text. You have more than one groups in the pattern:
- (([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]) => '4a:c3:26:0e:85:d0'
- ([0-9A-Fa-f]{2}:) => '85:'
- ([0-9A-Fa-f]) => '0'
And as documentation said you get a list of tuple with captured groups.
To get only full mac address you need specify non-capturing parenthesis into regexp. The re module documentation says:
(?:...)
A non-capturing version of regular parentheses. Matches whatever regular expression is inside the parentheses, but the substring
matched by the group cannot be retrieved after performing a match or
referenced later in the pattern.
So, fix all non-main parenthesis (which not capture the entire mac address).
answered Nov 22 '18 at 15:15
chinarulezzzchinarulezzz
1
answered Nov 22 '18 at 15:15
chinarulezzzchinarulezzz
1
answered Nov 22 '18 at 15:15
chinarulezzzchinarulezzz
1
answered Nov 22 '18 at 15:15
chinarulezzzchinarulezzz
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53432564%2fpython3-arp-scan-and-mac-parsing%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
