Greetings Monks. I am having a very annoying code issue right now concerning capturing the previous line of a file and matching it, printing an alert, then moving on. First, my input file:

2014-05-20 18:47:08.805161 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16
2014-05-20 18:47:08.805691 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01
2014-05-20 18:47:21.335941 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16
2014-05-20 18:47:39.005146 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16
2014-05-20 18:47:39.005647 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01
2014-05-20 18:48:09.205362 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16
2014-05-20 18:48:09.206089 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01
2014-05-20 18:48:39.405393 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16
2014-05-20 18:48:39.405857 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01

Basically what I want to do is to identify consecutive requests (like lines 3 & 4 above). If I see one, I want to print an error line and move on. Always the top duplicate (in this case, line 3) will be the one to be alerted on then thrown away. I have been banging on this all day... but I'm not getting anywhere. Here's my code thus far:

#!/usr/bin/perl
use strict;
use warnings;

my $hn = `/bin/hostname`;
chomp($hn);
my $in = "/root/$hn.pcap";
my $out = "/root/$hn.times";
my $cl;
my $ts1;
my $ts2;
my $ts1ms;
my $ts2ms;
my $req;
my $res;
my $td;
my $ms;

open IN, "<", "$in" or die "IN: $!\n";
open OUT, ">", "$out" or die "OUT: $!\n";

my $pl = "";
while ( $cl = <IN>) {
    next if ( $cl =~ m/^Running as user.*$/ );
    next if ( $cl =~ m/^Capturing on.*$/ );
    if ( $cl =~ m/^.*Who has.*$/ ) {
        ($ts1) = $cl =~ m/^\d+-\d+-\d+\s(.*?)\s\d+:\d+:.*$/;
        next;
    } elsif ( $cl =~ m/^.*is at.*$/ ) {
        ($ts2) = $cl =~ m/^\d+-\d+-\d+\s(.*?)\s\d+:\d+:.*$/;
    }
    ($ts1ms) = $ts1 =~ m/^.*?\.(.*)/;
    ($ts2ms) = $ts2 =~ m/^.*?\.(.*)/;
    $req = `/root/Time $ts1`;
    $res = `/root/Time $ts2`;
    $td = $res-$req;
    $ms = $ts2ms-$ts1ms;
    #print "ARP Req: $ts1; ARP Res: $ts2; ARP Time: $ms milliseconds\n";
    #print OUT "ARP Req: $ts1; ARP Res: $ts2; ARP Time: $ms milliseconds\n";
}
close IN;
close OUT;

At this point, I'm not even sure what to try or where to put it. Do I look at the next line for a dup and act on the current line if I find one? Do I use the previous line? I'm so lost. Please help me get back on track here, fellow monks... I would appreciate it!!

Thanks!!
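
One way to do the previous-line tracking described above, as an added example that is not part of the original post: keep the last unanswered request in a variable, alert on it when another request arrives first, and time each request/reply pair. It assumes a single requester and target as in the sample, reads constructed sample lines instead of /root/<hostname>.pcap, and replaces the external /root/Time helper with the core Time::Local module; `parse_ts` and `elapsed_ms` are hypothetical names.

```perl
use strict;
use warnings;
use Time::Local qw(timegm);

# Constructed sample in the post's format; the second request gets no reply.
my @lines = (
    '2014-05-20 18:47:08.805161 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16',
    '2014-05-20 18:47:08.805691 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01',
    '2014-05-20 18:47:21.335941 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16',
    '2014-05-20 18:47:39.005146 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16',
    '2014-05-20 18:47:39.005647 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01',
);

# Split a capture line into [epoch seconds, fractional seconds, "HH:MM:SS.ffffff"].
sub parse_ts {
    my ($line) = @_;
    my ($y, $mo, $d, $h, $mi, $s, $frac) =
        $line =~ /^(\d{4})-(\d\d)-(\d\d)\s+(\d\d):(\d\d):(\d\d)\.(\d+)\s/
        or return;
    return [ timegm($s, $mi, $h, $d, $mo - 1, $y), "0.$frac", "$h:$mi:$s.$frac" ];
}

# Elapsed milliseconds between two parsed timestamps, whole seconds included.
sub elapsed_ms {
    my ($from, $to) = @_;
    return ($to->[0] - $from->[0]) * 1000 + ($to->[1] - $from->[1]) * 1000;
}

my $pending;    # the previous request, while it is still waiting for a reply

for my $line (@lines) {
    next if $line =~ /^(?:Running as user|Capturing on)/;
    my $ts = parse_ts($line) or next;
    if ($line =~ /Who has/) {
        # Two requests in a row: alert on the earlier one and discard it.
        print "ALERT: no reply to ARP request at $pending->[2]\n" if $pending;
        $pending = $ts;
    }
    elsif ($line =~ /is at/) {
        if ($pending) {
            printf "ARP Req: %s; ARP Res: %s; ARP Time: %.3f milliseconds\n",
                $pending->[2], $ts->[2], elapsed_ms($pending, $ts);
        } else {
            print "ALERT: ARP reply at $ts->[2] with no request before it\n";
        }
        undef $pending;
    }
}
print "ALERT: no reply to ARP request at $pending->[2]\n" if $pending;
```

Replies that arrive with no request pending are reported as well, since an unsolicited "is at" is worth a look when reviewing ARP traffic.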


In reply to Previous Line Matching Issues by ImJustAFriend
