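#!/usr/bin/perl
# Filter a list of one-line packet summaries by protocol and/or port.
# Each filter is read from input: a leading "!" inverts it, and an empty
# answer disables it.
use strict;
use warnings;

# Sample data set. When a line is split on whitespace the fields are:
#   line = 0, size = 1, src = 2, dest = 4, proto = 5, port = 8
use constant {
    PROTO_FIELD => 5,
    PORT_FIELD  => 8,
};

my @foo = (
    '1 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 80 [SYN]',
    '2 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 113 [SYN]',
    '3 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 123 [SYN]',
    '4 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) reply',
    '5 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) request',
    '6 120 2.3.4.5 -> 5.4.3.2 ICMP ? > ? echo (ping) reply',
    '7 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 562 [RST]',
    '8 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 36 [RST]',
    '9 60 1.2.3.4 -> 4.3.2.1 TCP 3456 > 90 [RST]',
);

# Split a user-supplied filter into (negated, wanted).
# Returns an empty list when no filter was given. The test is on length, not
# truth, so a value of "0" still counts as a filter.
sub parse_filter {
    my ($raw) = @_;
    return if !defined $raw;

    (my $text = $raw) =~ s/\A\s+|\s+\z//g;
    my $negated = ($text =~ s/\A!//) ? 1 : 0;
    return if $text eq '';

    return ($negated, $text);
}

# True when $value satisfies $filter (or when there is no filter).
#
# The filter is compared as a literal string, never compiled as a pattern.
# The values may come from flags, ARGV or CGI parameters, i.e. from outside
# the program: interpolated into a regex, "?" (the port column of the ICMP
# rows) aborts with a quantifier error, "80" also selects "180", and a crafted
# pattern can make the regex engine burn CPU.
sub field_passes {
    my ($filter, $value) = @_;

    my @parsed = parse_filter($filter);
    return 1 if !@parsed;

    my ($negated, $wanted) = @parsed;
    # A line too short to carry the field never equals the wanted value.
    my $is_match = (defined $value && $value eq $wanted) ? 1 : 0;

    return $negated ? !$is_match : $is_match;
}

# Return the lines that pass both the protocol and the port filter.
sub filter_lines {
    my ($proto_filter, $port_filter, @lines) = @_;

    my @kept;
    for my $line (@lines) {
        my @field = split /\s+/, $line;
        next if !field_passes($proto_filter, $field[PROTO_FIELD]);
        next if !field_passes($port_filter,  $field[PORT_FIELD]);
        push @kept, $line;
    }
    return @kept;
}

# Prompt for the two filters and print the matching lines.
sub main {
    # here is what we will test on.. this could be altered to be
    # collected via flags, shifted off of ARGV, or passed as
    # params to a CGI easily...
    print "proto: ";
    my $i_proto = <>;
    print "port: ";
    my $i_port = <>;

    # <> yields undef at end of input; only chomp what was actually read.
    for my $answer ($i_proto, $i_port) {
        chomp $answer if defined $answer;
    }

    # loop over our data set, this could just as easily be a
    # socket or filehandle..
    print "$_\n" for filter_lines($i_proto, $i_port, @foo);
    return;
}

main() unless caller;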