The description of the problem (especially the X part) is too vague, but it seems to me that sorting is not the best way to solve it.
To separate the packets by connection, you can use a hash of arrays (untested):
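    my %conn;
    while (<DATA>) {
        # the "..." in the regex stands for the rest of the line format;
        # add capture groups there to fill @more
        my ($src_ip, $src_port, $dest_ip, $dest_port, @more) =
            /^([\d\.]+):(\d+) -> ([\d\.]+):(\d+) ...$/;
        # key order is src_ip, src_port, dest_port, dest_ip so that reversing
        # the fields gives the key of the opposite direction
        my $conn = $conn{join('-', $src_ip, $src_port, $dest_port, $dest_ip)} ||= [];
        # $. can be used as a sequence number:
        push @{$conn}, [$., @more];
    }
    # and then analyze the sequence of packets for every connection:
    for my $key (keys %conn) {
        my $conn = $conn{$key};
        my $conn_back = $conn{join('-', reverse split /-/, $key)} || [];
        ...
    }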
Using the sequence numbers taken from $. you should be able to analyze the flow of packets combining the entries in $conn and $conn_back.
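The merge of `$conn` and `$conn_back` by sequence number described above, as an added example that is not part of the original post. The log line format, the trailing flag field, the sample lines and the helper names `group_packets` and `merge_flows` are constructed for illustration; addresses are assumed to be IPv4.

```perl
use strict;
use warnings;

# Constructed sample lines: "src_ip:src_port -> dst_ip:dst_port rest"
my @lines = (
    '10.0.0.5:40312 -> 192.0.2.10:80 SYN',
    '10.0.0.7:51000 -> 192.0.2.10:22 SYN',
    '192.0.2.10:80 -> 10.0.0.5:40312 SYN-ACK',
    '10.0.0.5:40312 -> 192.0.2.10:80 ACK',
    '192.0.2.10:22 -> 10.0.0.7:51000 RST',
);

# Group packets per direction, keyed as in the post
# (src_ip-src_port-dst_port-dst_ip), so the reversed key is the other direction.
sub group_packets {
    my (%conn, $seq);
    for my $line (@_) {
        $seq++;    # plays the role of $. when reading from a filehandle
        my ($src_ip, $src_port, $dst_ip, $dst_port, $rest) =
            $line =~ /^([\d.]+):(\d+) -> ([\d.]+):(\d+)\s*(.*)$/
            or next;    # skip lines that are not packet records
        my $key = join '-', $src_ip, $src_port, $dst_port, $dst_ip;
        push @{ $conn{$key} }, [$seq, $rest];
    }
    return \%conn;
}

# Merge both directions of each connection into one list ordered by sequence
# number. The direction seen first in the input is treated as the initiator.
sub merge_flows {
    my ($conn) = @_;
    my (%flows, %seen);
    for my $key (sort { $conn->{$a}[0][0] <=> $conn->{$b}[0][0] } keys %$conn) {
        next if $seen{$key};
        my $back_key = join '-', reverse split /-/, $key;
        $seen{$back_key} = 1;
        my @fwd  = map { [ $_->[0], '->', $_->[1] ] } @{ $conn->{$key} };
        # a packet whose source and destination are identical has no reverse side
        my @back = $back_key eq $key ? ()
                 : map { [ $_->[0], '<-', $_->[1] ] } @{ $conn->{$back_key} || [] };
        $flows{$key} = [ sort { $a->[0] <=> $b->[0] } @fwd, @back ];
    }
    return \%flows;
}

my $flows = merge_flows(group_packets(@lines));
for my $key (sort keys %$flows) {
    print "$key\n";
    printf "  #%d %s %s\n", @$_ for @{ $flows->{$key} };
}
```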