Many thanks to everyone who posted help! After leaving it for a while, I realized I needed to come at it from a "next line" perspective. After much reading and experimenting (and debugging) it now works how I wanted it to work. Here it is, in case it can help someone else:
#!/usr/bin/perl use strict; use warnings; my $hn = `/bin/hostname`; chomp($hn); my $in = "/MDS/$hn.pcap"; my $out = "/root/$hn.times"; my $cl; my $nl; my $pos; my $ts1; my $ts2; my $ts1ms; my $ts2ms; my $req; my $res; my $td; my $ms; open IN, "<", "$in" or die "IN: $!\n"; open OUT, ">", "$out" or die "OUT: $!\n"; while ( $cl = <IN>) { next if ( $cl =~ m/^Running as user.*$/ ); next if ( $cl =~ m/^Capturing on.*$/ ); $pos = tell(IN); if ( $cl =~ m/^.*Who has.*$/ ) { $nl = <IN>; if ( $nl =~ m/^.*Who has.*$/ ) { print "NO ARP RESPONSE FOR: $cl"; undef $nl; seek(IN, $pos, 0); } else { ($ts1) = $cl =~ m/^\d+-\d+-\d+\s(.*?)\s\d+:\d+ +:.*$/; undef $nl; seek(IN, $pos, 0); } next; } elsif ( $cl =~ m/^.*is at.*$/ ) { ($ts2) = $cl =~ m/^\d+-\d+-\d+\s(.*?)\s\d+:\d+:.*$/; } ($ts1ms) = $ts1 =~ m/^.*?\.(.*)/; ($ts2ms) = $ts2 =~ m/^.*?\.(.*)/; $req = `/root/Time $ts1`; $res = `/root/Time $ts2`; $td = $res-$req; $ms = ($ts2ms-$ts1ms)/1000; print "ARP Req: $ts1; ARP Res: $ts2; ARP Time: $ms millisecond +s\n"; print OUT "ARP Req: $ts1; ARP Res: $ts2; ARP Time: $ms millise +conds\n"; } close IN; close OUT;
In reply to Re: Previous Line Matching Issues
by ImJustAFriend
in thread Previous Line Matching Issues
by ImJustAFriend
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |