1 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 80 [SYN]
2 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 113 [SYN]
3 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 123 [SYN]
4 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) reply
5 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) request
6 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) reply
7 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 562 [RST]
8 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 36 [RST]
9 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 90 [RST]

##</code><code>##

#!/usr/bin/perl -w

use strict;
use CGI;

use vars qw($data_file);
$data_file = 'data.txt';

{
    my $cgi = new CGI;
    my $custom_regexp = '\d+\s+(\d+)\s+(SOURCE_ADDR)\s+->\s+(DEST_ADDR)\s+(PROT)\s+(SOURCE_PORT)\s+>\s+(DEST_PORT)';
    my %user_param;
    
    $user_param{'dest_addr'}   = defined($cgi->param('dest_addr')) ? $cgi->param('dest_addr') : '\S+';
    $user_param{'source_addr'} = defined($cgi->param('source_addr')) ? $cgi->param('source_addr') : '\S+';
    $user_param{'prot'}        = defined($cgi->param('prot')) ? $cgi->param('prot') : '\S+';
    $user_param{'source_port'} = defined($cgi->param('source_port')) ? $cgi->param('source_port') : '\S+';
    $user_param{'dest_port'}   = defined($cgi->param('dest_port')) ? $cgi->param('dest_port') : '\S+';
        
    my $new_sig = $custom_regexp;
    
    foreach my $key (keys %user_param) { 
        if($user_param{$key} =~ /^!(.+?)$/) {
            $user_param{$key} = "?!$1)(\\S+)(?<!$1";
        }
    }
        
    $new_sig =~ s/SOURCE_ADDR/$user_param{'source_addr'}/;
    $new_sig =~ s/DEST_ADDR/$user_param{'dest_addr'}/;
    $new_sig =~ s/PROT/$user_param{'prot'}/;
    $new_sig =~ s/SOURCE_PORT/$user_param{'source_port'}/;
    $new_sig =~ s/DEST_PORT/$user_param{'dest_port'}/;
        
    print "$new_sig\n";
    
    open(DATA, "<$data_file");
        while(my $pkt = <DATA>) { print "$pkt" if $pkt =~ qr/$new_sig/; }
    close DATA;
}