Reputation: 53
So I faced an issue with complex matching that I'm trying to perform over tcpdump output.
From an output line that I receive, I want to get only two regex-matched pattern values, but the issue is that they are not answering the same regex pattern.
When I'm writing the whole output to a file and then grepping, sometimes some of the values are missed, and that's why I want to get my values on the fly.
The command that I'm performing is:
tcpdump -U -n -i eth2 -v -e -s 1500 '((port 67 or port 68) and (udp[247:4] = 0x63350101))'
My two regex:
1) grep -Eo '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2} >' | awk '{print$1}'
2) grep -Eo 'Request from ([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' | awk '{print$3}'
The example output:
14:29:16.832592 00:00:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 303: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 289) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 11:11:11:11:11:11, length 261, xid 0x4eb03662, Flags [Broadcast]
My needed output (append to a file): 00:00:00:00:00:00, 11:11:11:11:11:11
Thanks!
Upvotes: 3
Views: 103
Reputation: 204701
Is this what you need?
$ awk -v FPAT='([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}' -v OFS=', ' '{print $1, $3}' file
00:00:00:00:00:00, 11:11:11:11:11:11
The above uses GNU awk for FPAT and just prints the 1st and 3rd strings from each input line that match the given regexp. If there are other lines in your input than what you've shown us and you don't want anything from those lines printed, then tweak it to suit, e.g.:
awk -v FPAT='...' -v OFS=', ' 'NF==3{print $1, $3}' file
Upvotes: 1
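An added example, not part of either post above: a stream filter for the live pipe the question asks about. It picks the two addresses by their context (the MAC before " > " and the MAC after "Request from") instead of by position, and flushes after each record. The function name `dhcp_macs`, the output file `macs.txt` and the continuation line in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Reads tcpdump -e -v text on stdin, prints "ethernet_src, dhcp_client" per request.
# Live use (macs.txt is a hypothetical output file; -l line-buffers tcpdump stdout):
#   tcpdump -l -n -i eth2 -v -e -s 1500 '<filter from the question>' | dhcp_macs >> macs.txt
dhcp_macs() {
    awk '
    BEGIN {
        h   = "[0-9A-Fa-f][0-9A-Fa-f]?"        # one octet, 1 or 2 hex digits
        mac = h ":" h ":" h ":" h ":" h ":" h  # no {n,m} intervals, so any awk accepts it
    }
    {
        src = ""; client = ""
        # Ethernet source address: the MAC directly followed by " > " (printed by -e).
        if (match($0, mac " > "))
            src = substr($0, RSTART, RLENGTH - 3)
        # DHCP client hardware address: the MAC directly after "Request from ".
        if (match($0, "Request from " mac))
            client = substr($0, RSTART + 13, RLENGTH - 13)
        # Lines lacking either marker (such as -v option lines) print nothing.
        if (src != "" && client != "") {
            print src ", " client
            fflush()   # write each record now, even when stdout is a file or pipe
        }
    }'
}

# Sample input: first line is the example from the question; the second is a
# constructed continuation line of the kind -v can emit, which must be skipped.
SAMPLE='14:29:16.832592 00:00:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 303: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 289) 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 11:11:11:11:11:11, length 261, xid 0x4eb03662, Flags [Broadcast]
	  Client-Ethernet-Address 11:11:11:11:11:11'

printf '%s\n' "$SAMPLE" | dhcp_macs
```

Comparing the two printed addresses per line is a quick way to spot requests whose claimed client address differs from the frame's source address, for example when a relay or a spoofing host is involved.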