1

What my code is supposed to do is take in user input search terms then iterate through a tcp dump file and find every instance of that term by packet. The src IP acts as the header to each packet in my output.

So I am having an issue with the fileIn being seemingly erased when it iterates through the first term. So when the program goes to look at the second user input search term it obviously can't find anything. Here is what I have:

import re
searchTerms = []

fileIn = open('ascii_dump.txt', 'r')

while True:
    userTerm = input("Enter the search terms (End to stop): ")
    if userTerm == 'End':
        break
    else:
        searchTerms.append(userTerm)

ipPattern = re.compile(r'((?:\d{1,3}\.){3}\d{1,3})')

x = 0

while True:
    print("Search Term is:", searchTerms[x])
    for line in fileIn:
        ipMatch = ipPattern.search(line)
        userPattern = re.compile(searchTerms[x])
        userMatch = userPattern.search(line)

        if ipMatch is not None:
            print(ipMatch.group())

        if userMatch is not None:
            print(userMatch.group())
    x += 1
    if x >= len(searchTerms):
        break

2 Answers

1

This happens because you opened the file object as an iterator which is consumed in the first pass through the for loop.

During the second time through the loop, the for line in fileIn will not be evaluated since the iterator fileIn has already been consumed.

A quick fix is to do this:

lines = open('ascii_dump.txt', 'r').readlines()

then in your for loop, change the for line in fileIn to:

for line in lines:

Having said this, you should rewrite your code to do all regex matches in a single pass using the regex or operator.

1 Comment

Thanks for your help as well! Both methods provided work. As I mentioned in a comment above: "my next issue is I need to also display the first 20 chars before the found search term and the 20 chars after the search term. For regex I know that would be something along the lines of: [.+]{20}\.VARIABLE\.[.+]{20}. With the escaped '.' being used because this is how tcp dump separates strings".
0

You need to "rewind" the file after the for line in fileIn loop:

...
fileIn.seek(0)
x += 1

3 Comments

Thanks for your help. My next issue is I need to also display the first 20 chars before the found search term and the 20 chars after the search term. For regex I know that would be something along the lines of: [.+]{20}\.VARIABLE\.[.+]{20}. With the escaped '.' being used because this is how tcp dump separates strings.
How about userPattern = re.compile(r'.{20}\.%s\..{20}' % searchTerms[x])
Hey. Turns out it can be up to 20 before or after so I just added {0,20} on each side of %s. Thanks!
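
An added example (not code from the question or from either answer): a single-pass version of the search, following the first answer's suggestion to combine the terms with the regex or operator and the comments' "up to 20 characters" of context. Assumptions: the header-line layout in HEADER_RE, the function names and the constructed sample are hypothetical; terms go through re.escape so user input matches literally, and the context is taken by slicing the line rather than with .{0,20} in the pattern.

```python
import re

# Assumed layout of a tcpdump -A header line: "HH:MM:SS.us IP src.port > dst.port: ..."
HEADER_RE = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d+ IP ((?:\d{1,3}\.){3}\d{1,3})')

def build_pattern(terms):
    """Compile one alternation that matches every search term literally."""
    # re.escape stops input such as "a.b" or "(x+)+$" from being read as regex syntax.
    # Longest first, so "password" wins over "pass" at the same position.
    unique = sorted({t for t in terms if t}, key=len, reverse=True)
    if not unique:
        raise ValueError("no search terms given")
    return re.compile('|'.join(re.escape(t) for t in unique))

def search_dump(lines, terms, context=20):
    """Single pass over the dump; returns (src_ip, term, snippet) per hit."""
    pattern = build_pattern(terms)
    src_ip, hits = None, []
    for line in lines:                  # a file object works too: it is read only once
        line = line.rstrip('\n')
        header = HEADER_RE.match(line)
        if header:
            src_ip = header.group(1)    # hits on later lines belong to this packet
        for m in pattern.finditer(line):
            # Slice the line so that nearby hits do not swallow each other.
            start = max(0, m.start() - context)
            hits.append((src_ip, m.group(), line[start:m.end() + context]))
    return hits

# Constructed sample in tcpdump -A style (not taken from a real capture).
SAMPLE = """\
12:00:01.000001 IP 10.0.0.5.51234 > 10.0.0.9.80: Flags [P.], length 60
E..d..@.@...POST /login HTTP/1.1..Host: example.test..
user=alice&pass=hunter2
12:00:02.000002 IP 10.0.0.7.40000 > 10.0.0.9.21: Flags [P.], length 12
....USER bob..PASS a.b..
""".splitlines()

if __name__ == '__main__':
    for ip, term, snippet in search_dump(SAMPLE, ['pass', 'a.b', 'user']):
        print(f'{ip}  {term!r}: {snippet}')
```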
