flip flopping words

[erik]

I am basically chopping up some netscreen logs and taking the "service"
aka protocol out of each log entry and I am attempting to look up any
unknown protocols in my /etc/services on my Suse box.

Now my array of services looks like this:

winframe udp/88 udp/7001 udp/389 udp/38293 udp/370 udp/3544 udp/3478
udp/2967 udp/1900 udp/1604 tcp/9000 tcp/88 tcp/8080 tcp/8006 tcp/8000
tcp/554 tcp/5050 tcp/4101 tcp/3268 tcp/3128 tcp/2967 tcp/2693 tcp/2442
tcp/1863 tcp/1755 tcp/1521 tcp/135 tcp/1237 tcp/1206 tcp/1202 tcp/1196
tcp/1191 tcp/1186 tcp/1183 tcp/1181 tcp/1177 tcp/1176 tcp/1174 tcp/1173
tcp/1172 tcp/1170 tcp/1169 tcp/1168 tcp/1136 tcp/1132 tcp/1111 tcp/1100
tcp/106 tcp/1055 tcp/1054 tcp/1052 tcp/1051 tcp/1050 tcp/1049 tcp/1044
tcp/1039 tcp/1026 tcp/1025 rpc(tcp) proto:41/1 pptp ldap icmp https
http ftp dns X-Windows VDO-Live-tcp NTP NETBIOS(SSN) NETBIOS(NS)
NETBIOS(DGM) DNS-(TCP) tcp/1176 NETBIOS(SSN)

The format of /etc/services is the opposite, it is 9000/tcp or
3544/udp.... (flip flopped)

I need to flip flop the proper elements in my array so that I can use
them in a grep.

I was thinking of something like

if ($_ eq (^tcp|^udp)){
$_ =~ $1

(I get confused here)

I am using parentheses above and trying to use $1 for what I matched to
paste it on the end of the $_.

Can someone point me in the right direction to turn, for example

tcp/1176 into 1176/tcp???

My head is spinning.

 

[Brian Wakem]

I am basically chopping up some netscreen logs and taking the "service"
aka protocol out of each log entry and I am attempting to look up any
unknown protocols in my /etc/services on my Suse box.

The format of /etc/services is the opposite, it is 9000/tcp or
3544/udp.... (flip flopped)

I need to flip flop the proper elements in my array so that I can use
them in a grep.

I was thinking of something like

if ($_ eq (^tcp|^udp)){
$_ =~ $1

(I get confused here)

I am using parentheses above and trying to use $1 for what I matched to
paste it on the end of the $_.

Can someone point me in the right direction to turn, for example

tcp/1176 into 1176/tcp???

You are way off.

if (m!^(tcp|udp)/(\d+)$!) {
print "$2/$1";
}

 

[usenet]

if (m!^(tcp|udp)/(\d+)$!) {
print "$2/$1";
}

Or, if you would rather do it the hard way, you could do something
awful like:

#!/usr/bin/perl
use strict; use warnings;

my @service = qw!tcp/1039 udp/7001 proto:41/l!; #sample
print map {"$_\n"} join '/', reverse split "/", $_
for grep /^tcp|^udp/, @service;

__END__

###OUTPUT##########
1039/tcp
7001/udp

 

[Eden]

TMTOWTDI:

#!/usr/bin/perl
use strict;
use warnings;

$_ = qq!tcp/1039 udp/7001 tcp/1234!; #sample data
s!(tcp|udp)/(\d+)!$2/$1!g;
print; #result

 

[erik]

Thanks guys, this is exactly what I needed. I knew I needed $1 I just
didn't know how to match $2.

Now my issue is that I would like to use those newly flip flopped $_ in
a grep against /etc/services.

CODE:
sub chop_it{

$filename = "/scripts/ns-pdt-output/cut-up-policy";

open(IN, $filename) || die ("Open Failed: $!\n");
print "DATE: $datetemp";
print "Device: $ARGV[0]";
print "Date, Protocol, Dst Port, Xlate ";
while (<IN>){

my ($date, $service, $protocol, $dst_port, $xlate) = split ' ';


print "$date $service $protocol $dst_port $xlate\n";
unshift @services, $service;



}#end while loop
#print "MY ARRAY IS @services";
foreach (@services){
$_ =~ s/service=//g;
$_ =~ s/port://g;

#here i had to flip the tcp/udp # combo, to the opposite so it would
search properly in /etc/services
if (m!^(tcp|udp)/(\d+)$!) {
$_ = "$2/$1";
}

print " $_";

$services_filename = "/etc/services";


open(SRV, $services_filename) || die ("Open Failed: $!\n");
print @service_grep_results = grep /$_/ SRV;
}
}#end sub

I am trying to use $_ as my regex pattern and then I want to print the
matched lines to stdout.

 

[robic0]

I am basically chopping up some netscreen logs and taking the "service"
aka protocol out of each log entry and I am attempting to look up any
unknown protocols in my /etc/services on my Suse box.

Now my array of services looks like this:

winframe udp/88 udp/7001 udp/389 udp/38293 udp/370 udp/3544 udp/3478
udp/2967 udp/1900 udp/1604 tcp/9000 tcp/88 tcp/8080 tcp/8006 tcp/8000
tcp/554 tcp/5050 tcp/4101 tcp/3268 tcp/3128 tcp/2967 tcp/2693 tcp/2442
tcp/1863 tcp/1755 tcp/1521 tcp/135 tcp/1237 tcp/1206 tcp/1202 tcp/1196
tcp/1191 tcp/1186 tcp/1183 tcp/1181 tcp/1177 tcp/1176 tcp/1174 tcp/1173
tcp/1172 tcp/1170 tcp/1169 tcp/1168 tcp/1136 tcp/1132 tcp/1111 tcp/1100
tcp/106 tcp/1055 tcp/1054 tcp/1052 tcp/1051 tcp/1050 tcp/1049 tcp/1044
tcp/1039 tcp/1026 tcp/1025 rpc(tcp) proto:41/1 pptp ldap icmp https
http ftp dns X-Windows VDO-Live-tcp NTP NETBIOS(SSN) NETBIOS(NS)
NETBIOS(DGM) DNS-(TCP) tcp/1176 NETBIOS(SSN)

The format of /etc/services is the opposite, it is 9000/tcp or
3544/udp.... (flip flopped)

I need to flip flop the proper elements in my array so that I can use
them in a grep.

I was thinking of something like

if ($_ eq (^tcp|^udp)){
$_ =~ $1

(I get confused here)

I am using parentheses above and trying to use $1 for what I matched to
paste it on the end of the $_.

Can someone point me in the right direction to turn, for example

tcp/1176 into 1176/tcp???

My head is spinning.

huh?
---------------------------------------------------------------
I ma yllacisab gnippohc pu emos neercsten sgol dna gnikat eht
"ecivres"
aka locotorp tuo fo hcae gol yrtne dna I ma gnitpmetta ot kool pu yna
nwonknu slocotorp ni ym /cte/secivres no ym esuS xob.

woN ym yarra fo secivres skool ekil siht:

emarfniw pdu/88 pdu/1007 pdu/983 pdu/39283 pdu/073 pdu/4453 pdu/8743
pdu/7692 pdu/0091 pdu/4061 pct/0009 pct/88 pct/0808 pct/6008 pct/0008
pct/455 pct/0505 pct/1014 pct/8623 pct/8213 pct/7692 pct/3962 pct/2442
pct/3681 pct/5571 pct/1251 pct/531 pct/7321 pct/6021 pct/2021 pct/6911
pct/1911 pct/6811 pct/3811 pct/1811 pct/7711 pct/6711 pct/4711
pct/3711
pct/2711 pct/0711 pct/9611 pct/8611 pct/6311 pct/2311 pct/1111
pct/0011
pct/601 pct/5501 pct/4501 pct/2501 pct/1501 pct/0501 pct/9401 pct/4401
pct/9301 pct/6201 pct/5201 cpr(pct) otorp:14/1 ptpp padl pmci sptth
ptth ptf snd X-swodniW ODV-eviL-pct PTN SOIBTEN(NSS) SOIBTEN(SN)
SOIBTEN(MGD) SND-(PCT) pct/6711 SOIBTEN(NSS)

ehT tamrof fo /cte/secivres si eht etisoppo, ti si 0009/pct ro
4453/pdu.... (pilf deppolf)

I deen ot pilf polf eht reporp stnemele ni ym yarra os taht I nac esu
meht ni a perg.

I saw gnikniht fo gnihtemos ekil

fi ($_ qe (^pct|^pdu)){
$_ =~ $1

(I teg desufnoc ereh)

I ma gnisu sesehtnerap evoba dna gniyrt ot esu $1 rof tahw I dehctam
ot
etsap ti no eht dne fo eht $_.

naC enoemos tniop em ni eht thgir noitcerid ot nrut, rof elpmaxe

pct/6711 otni 6711/pct???

yM daeh si gninnips.