### Regex

Course
Time
1 hour 37 minutes
Difficulty
Beginner
CEU/CPE
2

### Video Transcription

00:00
and welcome back. Let's be couple we left off. We actually already finding the data for time night. So let's organize us a little time here.
00:11
It's a little space corn that we're going to know what's what.
00:15
And now let's start looking for source. And you know what? This is getting a little clocked up.
00:21
I just actually delete this on the top already. Know what we're looking for? Just a little more organized. Right.
00:27
So we're gonna search again for sores.
00:30
I p right.
00:32
I'm gonna check also for destination I p.
00:37
And in order to practice, um, sorry.
00:41
Us really gonna also search for the destination port.
00:47
Okay, Just so we could get a little practice in okay.
00:52
And sorry for the typos. Uh, here.
00:57
Okay.
00:58
So let's
01:00
start working on this.
01:02
Okay? So sort is actually fairly simple.
01:06
And
01:07
one thing to remember is actually gonna need way too much information from behind. Like or doing out here with time. It's just
01:14
I would like you to practice
01:15
in this case, force, um, little to SRC like animation earlier. We don't need, so
01:23
that's right. Move it.
01:25
All right.
01:26
If he has no time here before so
01:30
it shouldn't really matter.
01:32
So again
01:34
I can't remove it from there.
01:37
Start working with the source. S R C
01:41
Break Special Cemal
01:42
Flash D right and I. P's are from 13 Correct.
01:49
That's right. I'm racket
01:52
and then break. It was period and then we do this basically
01:57
three more times,
01:59
and I was removed a period at the end. And guess what? You have a drink.
02:02
But like I said, always look for something after all this time it's a colon
02:07
breaking
02:08
and
02:09
that's a foul. It let's at the capture group
02:15
and there you go. Then we're adding capture groups. Since they started. Look, sources, lock sources both. We were practicing as if we're going to integrate this into it s I am so sleepy. We just do this and that's basically it.
02:28
Now for destination I p. It's fairly simple. It's facing the same syntax just instead of SRC is destination, right?
02:36
So literally
02:38
we type it like this and we're done
02:40
easy.
02:42
See discounts with practice rates. You already know how this works. You already know at seen this before and therefore you know what changes you need today An I P is an I p s along with his i p before and the locks are so we're using is still gonna be four octaves of wanted three digits And you can see here that there's once I have
03:00
one did it and he chucked It is he wants after easy ones have to some of the doctors and you can see that they
03:07
Rogic's itself It's working how it's supposed to be working
03:12
now
03:13
saying that right,
03:15
we now need to look for
03:19
the port.
03:21
Now when we look for deport itself,
03:24
03:28
to the side of what we're doing, right? And if you remember correctly from a prior lesson, it's between 15 digits of flint again you can use per square brackets and put the exact range. But
03:38
let's just say 1 to 5. Uh, unlikely should cover it right now. Obviously, like I mentioned earlier, if it s i n. You want to make sure you captured a port, not the AP,
03:49
so you have to treat it records in. Let's see, you're gonna make an error here, see if you can detect it.
03:55
Why? This is not our my network, right
04:00
to give you a second to think what has happened, right?
04:04
This is face no.
04:06
Well,
04:09
you know, sent into a little secret
04:11
if you come right here, Yes, there's ever
04:15
invalid. Quantify, Right.
04:16
So
04:19
yes. Yet
04:20
no sovereign diseases in the wrong place, is it?
04:25
Let's put it right here. And obviously,
04:29
this should know. Go over. Apologize
04:34
here.
04:35
Sorry.
04:38
Small screen on. As you can see, it is now
04:42
fully working. So let's put this actually not cheat sheet
04:46
and ***. And actually, that's actually at I p
04:49
and removed this in case of the P,
04:54
obviously, to fix the capture group actually had them earlier,
04:58
right? And effort of the century party. In that space of this same thing,
05:02
source repeats the same syntax. Justine S R c, for sources said of D
05:10
for destination. Right, D s t.
05:13
Now
05:14
this is much, much the only day it's that remember
05:17
never your ability A rule always at something at the end. In this case for the destination port,
05:24
you should be adding that little
05:27
cola at the end to make sure it captures it correctly. Right?
05:30
And there we go. Now
05:33
let's say you want to capture the data at the Ennis. Well,
05:39
that one, for example, type of connection. Then basically, you have to do it's to ah
05:43
w plus, and that basically takes care of it.
05:48
Now regards to Particle. You know, at a word of swell.
05:55
And basically, when you're at this, you're taking care of the forward. Same tax if you want one.
06:00
But if you see carefully here, right
06:03
there we go. Now it's not over shouting to the next cream. That's why you have to always look at the next character.
06:12
All right, in there, really now is capturing the type.
06:15
So let's copy this.
06:17
Put in our she cheat again,
06:19
right?
06:20
Let's say this is apology since here
06:28
you say it's time, I guess, right?
06:31
This is this.
06:35
Yeah, let's say critical
06:38
right
06:38
again. Like all the previous instances, you have to write too much farces. Particle. It's itself the word. It's the pretext if you want to call them dead.
06:46
I was captured the next tech, which in this case would be
06:50
that's a that DCP right being you to be artistic P
06:55
and I was that the next character or the little slash is actually the afterward bracket and therefore that leads to what we actually need to capture for this case
07:06
now, staying in the protocol. It's actually copy and paste is into our Cici.
07:14
All right, then that's what you'll see here. We have fused
07:16
while card, and I'm gonna show you a little secret here.
07:20
Yes, sir.
07:23
So this copy protocol again
07:27
Put it in a cheap
07:30
and say it is still protocol right in. There we go.
07:35
I should be taken to curve it.
07:38
Now. One important thing that we have miss is the message.
07:44
What's the point of having a source in the destination and particle it took if you don't know, actually, what actually was taking right? And like in previous cases, you can use an SGS a pretext
07:56
07:59
All right, what's this usedto w right
08:01
for a message on in this case because he clearly
08:07
message to has some symbols we might need to add
08:11
into our rule. Right,
08:13
You see here.
08:16
So let's at dad over here
08:20
and its added at the inn, and you might see that in my break are not detected. And the recent being is dead.
08:26
Sometimes this half
08:28
more than one word and honestly if it's just you're telling the suffer? A. It's just one word. Doesn't matter the length,
08:37
but I want to see a quotation at the end of this. And there's a space here. It's not technically one word anymore. And technically, we're gonna have to have two words. So
08:46
let's try this again. Right?
08:50
You gonna say Okay, it's 12 words. So list of space,
08:54
which is last mess, right?
08:58
And then if it's there or not there,
09:01
right,
09:01
and then we get into another.
09:05
That's, uh, lift ISS, right? Sorry.
09:07
Skopje.
09:09
Uh, word.
09:11
All right. If it's they're not there.
09:15
I'm sorry. Morning. One character I apologize
09:18
close bracket against. He now has been detected, most of them. But you can still sort of see that.
09:24
Not all of it. It's being captured. We actually look at the second string over there. You can see the little white space. And basically what happens is if the action has more than two words,
09:37
let's say 34
09:39
this will not be detected.
09:41
And this is when wild cards
09:45
come into play. Right?
09:46
So
09:48
take a quick look into the Israeli. Let's eliminate this. We have to
09:52
square brackets again endless to the wild card and like a mention where it is a very common when I use and you can see now pretty much
10:00
that all of them are being that took all the messages right, including this one, which earlier was not able to be detected due to having more than two words. And that's why I say you have to be really, really careful when you build these. Okay,
10:13
um, you can, for example, avoid seeing a real threat because you were too precise, too exact when you were building the magics and we were not counting into data you have not yet seen
10:28
again.
10:28
You don't want to always use while cars fits a lot of stress on the system, but also you don't want to be too precise. We might lose events like this.
10:37
Just one example. You know, if it's
10:39
invoice 12345 Instead of writing 5 60 years, I will put like from one to from two up to eight digits. You know that we have a little leg room for improvement, increase mint and be a little more proficient. We're not here to play catching miles, right?
10:56
And then You know, like I said earlier, if you have a bigger infrastructure, you might consider
11:01
including the idea on the farm. All he will be a very similar concept. Right? I d s slashed. Ah, equal sign slash W plus. And then the first letter of the next word, for example. Issue take care of it, right. He should be able to build magics just about everything around here.
11:18
How? Like I said,
11:18
wild card is fun. But one of the issues if while cars is, for example, you try to go back to our time rejects, it won't work since while car will detect the whole segment and not just
11:31
the date or just the time. And that's when Magic sister might need to build two different Radic. Says one for the date. Want for the time in order to properly determine what you're looking for.
11:43
Now let's copy dis
11:46
message here, Right,
11:48
Have another alternative
11:50
and therefore me updated. Archie cheat, if you want to call it that. Right?
11:56
And again, we have learned so far in the lesson how to use,
12:01
um, all of these difference a concept, right? You have basically learned that even though we do have a horse for, like multiple captured groups,
12:09
again slept that efficient endeavor I did not recommend using or for security appliance that it puts a lot of stress. And and again, if all have to have run more than one alternative, you can comfort, curate and hit this little plus button, you'll be ableto
12:24
write several since Texas. Very simple sentences which will work ASA or statement without having to actually have the system hold this cache of stores with sent exit of search right to be able to work properly. Like I said, you have to learn all the concentrator seeing the cheat sheet that you probably is your day today,
12:43
right? I'll be using all this concert of Cory length
12:46
the words digits, the wild cards, the capture groups. If you use all this in my everyday live right and it's just very little, you will not be learning right. Like
12:58
basically what you see in this course will be what you be doing. That word
13:03
out of the concept
13:05
out of what you've seen here today, you won't not be using as often unless you're more into the programming aspect off Red IX
13:13
again. While cart is your friend. Do not forget.
13:20
Okay?
13:22
No,
13:22
the overall in this course you learned Barrow, things aren't red X. It's basically a syntax or search pattern. Have dancers. Pardon?
13:31
That's so not so wild. Wild card, right,
13:33
that less is better in it, right? You don't have to write this complex things.
13:37
Keeping it simple is always the best opportunity and usually test this script writer this syntax online and in the tool. And even though your morning between tools is always good for a dead now,
13:50
the over it's nice was always fated to have two different Semtex is than one complex one. Okay,
13:56
it is also very, very Amiri. Say this again, Very important
14:03
that you look for data prior and after what you want to capture. Why? Because this way you will eliminate the chances of false positive on capturing the wrong group. When the techs excels, changes are for things here haven't seen before. And again, there's always more than one way to write at Reg IX.
14:22
Just because you do it this way doesn't mean
14:24
that your partner did it wrong or your professor did it wrong when your manager did it wrong. doesn't mean that just because everyone else has it 11 doesn't mean you jerk. Regis's run right?
14:35
There's more than one way to build a tragic and I need
14:41
14:41
Don't close your eyes. Don't don't closer mind thinking I was not able to do this because you might be able to write. It's just simplicity. Maybe tackle it in a different way and you should be able to manage it.
14:54
I hope you enjoy this course.
14:56
I hope to see you soon. Future courses. I encourage you to take other Siiri courses. You know there's different aspects from cybersecurity, different levels. All of them will be a great advantage for us. A professional. I encourage you to take them.
15:11
Some of them are very short. Some of our more in depth. It all suits your time availability at which your great day internalize your class. Good night.

### Regex

In this course you'll learn the basics of regular expressions, also known as Regex. As a professional you will understand when it is beneficial to use Regex and when it's not, how to construct Regex, and how to read Regex built by other professionals.

Kevin Hernandez
Instructor