Grep with color and multiple excludes - grep

I would like to do a grep to dig through my code hierarchy and look for the term "x", but color the results and exclude annoying terms. Right now I do:
grep -Rn --color x * | grep -v -e html -e svn -e test -e doc -e y
The problem is that this loses the matching color because of the pipe. Is there any way to make this one statement so that the coloring isn't lost?

Specify --color=always to preserve color formatting through pipes:
grep --color=always x * | grep -v -e html -e svn -e test -e doc -e y
And later on if you happen to need to pipe the result into a file and need to remove the escape characters that format color, here's a nifty sed script you can pipe your results through to remove the escape characters:
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mK]//g"
(Note that you need -E option instead of -r for OS X)

You can try repeating the color search:
grep -Rn --color x * | grep -v -e html -e svn -e test -e doc -e y | grep --color x
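An added example, not part of the original answers: once --color=always is in effect, the downstream grep -v sees the escape sequences, so an exclude term that overlaps the coloured match (here "xml" when searching for "x") no longer matches. The script compares colour-first with exclude-first and strips colour for log files with a slightly more general form of the sed expression above. The function names and sample files are constructed for illustration, and grep's default match colouring is assumed.

```shell
#!/bin/sh
# Added example. Sample files are constructed; function names are illustrative.
ESC=$(printf '\033')

# Strip the SGR colour (ESC[...m) and erase-line (ESC[K) sequences grep emits.
strip_ansi() {
  sed -E "s/${ESC}\[[0-9;]*[mK]//g"
}

# Form from the first answer: colour first, exclude afterwards.
# $1 = search term, $2 = directory, $3 = ERE of terms to exclude.
color_then_exclude() {
  grep -Rn --color=always -e "$1" "$2" | grep -Ev -e "$3"
}

# Exclude on plain text first, then colour the surviving lines.
exclude_then_color() {
  grep -Rn -e "$1" "$2" | grep -Ev -e "$3" | grep --color=always -e "$1"
}

# Build a small constructed source tree and print its path.
make_sample() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/src" "$d/doc"
  echo 'int x = 1;'      > "$d/src/main.c"
  echo 'load xml config' > "$d/src/parser.c"
  echo 'x marks it'      > "$d/doc/index.html"
  echo "$d"
}

dir=$(make_sample)
(
  cd "$dir" || exit 1
  echo "colour first (the xml line slips past the exclude):"
  color_then_exclude x . 'html|xml'
  echo "exclude first:"
  exclude_then_color x . 'html|xml'
  echo "plain text, suitable for a file:"
  exclude_then_color x . 'html|xml' | strip_ansi
)
rm -rf "$dir"
```

The html exclusion works in both forms because the file name is coloured as one contiguous run; only terms that straddle a coloured match are affected.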

Related

Combine multiple grep regular expression into one command

Consider this input file:
bam/pfg413T.GRCh38DH.target.bai
bam/pfg413T.GRCh38DH.target.bam
bam/pfg413T.GRCh38DH.target.bam
bam/pfg416G.GRCh38DH.target.bai
bam/pfg416G.GRCh38DH.target.bam
How can I combine the following multiple grep -E into one grep -E pipe?
readlink -f exomesinglesample_out/bam/pfg* | grep -E 'pfg[0-9]*G' | grep -E 'bam$'

How to write noncapturing groups in egrep

The following command does not correctly capture the 16714 from 16714 ssh -f -N -T -R3300:localhost:22
egrep -o '^[^ ]+(?= .*[R]3300:localhost:22)'
(However swapping to grep does if you use the -P flag. I was expecting egrep to be able to handle this)
grep -P forces grep to use the Perl regexp engine.
egrep is the same as grep -E and it forces grep to use the ERE (extended regular expression) engine, which does not support lookahead.
You can find a quick reference of the differences between Perl and ERE (and others) here: http://www.greenend.org.uk/rjk/tech/regexp.html
To handle this with POSIX grep, you would use grep to isolate the lines of interest and then use cut to isolate the fields of interest:
$ echo "16714 ssh -f -N -T -R3300:localhost:22" | grep 'R3300:localhost:22' | cut -d' ' -f1
16714
Or, just use awk:
$ echo "16714 ssh -f -N -T -R3300:localhost:22" | awk '/R3300:localhost:22/{print $1}'
16714

Multiple filter in tshark

The filters -Y, -2 and -R in tshark are confusing in Wireshark version 2.XX.
In version 1.8, we were able to apply multiple filters and save the filtered packets in csv file using command below:
tshark.exe -r src.pcap -T fields -e frame.number -e frame.time -e frame.len -e ip.src -e ip.dst -e udp.srcport -e udp.dstport -E header=y -E separator=, -E quote=d -E occurrence=f -R (ip.src==x.x.x.x)&&(ip.dst==y.y.y.y) > filtered.csv
But this command does not work in versions 2.x. Please help if someone applied multi-filter in new Wireshark versions.
You should be able to achieve what you want by replacing -R (ip.src==x.x.x.x)&&(ip.dst==y.y.y.y) with -Y "(ip.src==x.x.x.x)&&(ip.dst==y.y.y.y)".
On Windows 7, I had this working with Wireshark 2.2.1, adding -2 and quoting the string that follows the -R option, like this:
tshark.exe -r mypcap.pcapng -T fields -2 -e frame.number -e frame.time -e frame.len -E header=y -E separator=, -E quote=d -E occurrence=f -R "(ip.src==192.168.1.20)&&(ip.dst==20.1.168.192)"
Not quoting the expression after "-R" results in printing the fields and evaluating the expression. If the expression evaluates to TRUE, the filter is recognized and the result is given. Otherwise the filter (e.g. ip.src) will be evaluated as a command by the system, resulting in "command not recognized".

How to add an extra column to Tshark's output (while keeping the default ones)?

I would like to add a Tshark column that tells me which type of ICMP-packet has been captured. This would be the following: icmp.type
While I still need the default columns, how can I make Tshark also show this one?
I've already seen the option to work with -T fields and -e but then all the default columns are left out.
You can add the default columns and use for instance:
tshark -i 1 -T fields -e frame.number -e frame.time -e eth.src -e eth.dst -e frame.protocols -e _ws.col.Protocol -e _ws.col.Info -e icmp.type -E header=y > output.csv
See tshark -h or the man-page for more information.
If you want to add something to the default summary output, you can also use:
-z proto,colinfo,filter,field
For example something like:
-z proto,colinfo,tcp.seq,tcp.seq
Will show this:
1 2018-10-10 10:39:54 192.168.0.10 -> 192.168.0.1 SSH 198 Encrypted response packet len=132 tcp.seq == 1

Why does grep prompt "Invalid range end"?

I have a file a:
$ cat a
abcd
kaka
when using the command:
$ grep -e '[a-d]' a
abcd
kaka
It works well, but why are these commands not right?
$ grep -e '[\x61-\x74]' a
grep: Invalid range end
$ grep -e '[\u0061-\u0074]' a
grep: Invalid range end
Assuming that your version of grep supports PCRE ("Perl-compatible regular expressions"), you can try:
grep -P '[\x61-\x74]' a
This would return the expected output:
abcd
kaka
