Creating 2 variables from a multiple pattern grep

first time poster here

Im pretty new to grep and linux in general and I spent pretty much all day yesterday researching and coming up with a grep command to help with my university project. I am attempting to create a proof of concept bash script to scan the network using ngrep, find appropriate cookies and then place them into a variable. I was basically wondering how I could achieve this using one line so that I can grab both variables from the one packet rather than grabbing one variable then moving on to the next grep (which would have to wait on the next packet containing the cookie) Would I need to dump these to a file perhaps then read in both the variables? and if so how?

cook=`ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80 | grep -m 1 -Po '(?<=user=)[^;]+'`

cook2=`ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80 | grep -m 1 -Po '(?<=ab=)[^;]+'`

so how can I store cookie & cookie2 from the ONE packet instead of having to ngrep twice? I'm sorry if my question is a bit vague, if theres any confusion just ask

thanks guys

Could you show what output you get with

ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80

?

sure, the packets can of course vary... but it is typically like

 T 192.168.0.2:56062 -> 31.13.72.20:80 [AP]   GET /profile.php?id=9807353023&ref=tn_tnmn&ajaxpipe=1&ajaxpipe_token=AXiX35owSRCd-ZmH&quickling[version   ]=668610%3B0&__user=1807553033&__a=1&__adt=10 HTTP/1.1..Host: www.facebook.com..Connection: keep-alive.   .User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229   .94 Safari/537.4..Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8..Referer: htt   p://www.facebook.com/profile.php?id=1807553033..Accept-Encoding: gzip,deflate,sdch..Accept-Language: en   -US,en;q=0.8..Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3..Cookie: locale=en_GB; datr=PSyfUNE5pidOqg   HIbV4lwvWt; lu=Rgu8r-Dw_TIyeBHKKAL7X_3A; c_user=9807353023; fr=0uRMqfaB4gwsekhGX.AWUpswZDblxvmrs0hSu3Uh   712bQ.BQnyxH.Js.AWUGsO8H; xs=27%3BA45MaK-T6DLTkQ%3A0%3A1352716409; sub=32; p=57; presence=EM352743119Eu  serFA21807553033A2EstateFDsb2F0Et2F_5b_5dElm2FnullEuct2F1352715811BEtrFA2loadA2EtwF1024479246EatF13527431173   

its c_user and xs im trying to store into a variable

With the example of output you provided, your
cook variable would contain (according to the test i did on my ubuntu):

1807553033&__a=1&__adt=10 HTTP/1.1..Host: www.facebook.com..Connection: keep-alive.   .User-Agent: Mozilla/5.0 (Windows NT 6.1
9807353023

And your cook2 variable would be empty.

Could you please provide an output that demontrate better what you intend in your variables ?

If you want to set many variables a simple way is to build an environment file that you then can then execute.

Some ksh read can read multiple variables.

You can also do a search and see how set -- works.
(use "OLDIFS" as search key)

cuser=$(ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80 | grep -m 1 -Po '(?<=c_user=)[^;]+') 
xs=$(ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80 | grep -m 1 -Po '(?<=xs=)[^;]+')

the above gives me

root@bt:~# echo $xs
27%3BA45MaK-T6DLTKq%3A0%3A1352716409
root@bt:~# echo $cuser
9807353023

what im trying to achieve is to get both of these variables set with the one ngrep command (on the one packet) rather than executing ngrep twice and setting both variables from seperate packets

Suggestion:
Why don't you ngrep and store the output in a variable:-

ngrep_out=$( ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80 )

Then grep on this variable value to get xs & cuser:-

cuser=$( echo $ngrep_out | grep -m 1 -Po '(?<=c_user=)[^;]+' )
xs=$( echo $ngrep_out |grep -m 1 -Po '(?<=xs=)[^;]+' )

Will this work for you?

this does not give me any output on $ngrep_out for some reason

edit: sorry got it, I had to change the " to ' on the first line

thanks alot

---------- Post updated at 05:37 PM ---------- Previous update was at 05:07 PM ----------

the strange this is now it does work, but only intermittently

sometimes I get nothing in the variables and sometimes I do

set -- $( ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80 | awk '{sub(".*c_user=",z);sub(";.*xs="," ");sub(";.*$",z)}1' RS= )
cuser=$1
xs=$2
set -- $( ngrep -s 1000 -l -q -d eth1 "Cookie:" tcp and port 80 | grep -oE 'c_user=[^;]+|xs=[^;]+' | grep -oE '[^=]+$' )
cuser=$1
xs=$2

what does it give when using ngrep without -l buffering option ?