2014-05-20 18:47:08.805161 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16 2014-05-20 18:47:08.805691 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01 2014-05-20 18:47:21.335941 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16 2014-05-20 18:47:39.005146 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16 2014-05-20 18:47:39.005647 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01 2014-05-20 18:48:09.205362 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16 2014-05-20 18:48:09.206089 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01 2014-05-20 18:48:39.405393 00:00:00:00:00:02 -> ff:ff:ff:ff:ff:ff ARP Who has 4.3.2.1? Tell 4.3.2.16 2014-05-20 18:48:39.405857 00:00:00:00:00:01 -> 00:00:00:00:00:02 ARP 4.3.2.1 is at 00:00:00:00:00:01 #### #!/usr/bin/perl use strict; use warnings; my $hn = `/bin/hostname`; chomp($hn); my $in = "/root/$hn.pcap"; my $out = "/root/$hn.times"; my $cl; my $ts1; my $ts2; my $ts1ms; my $ts2ms; my $req; my $res; my $td; my $ms; open IN, "<", "$in" or die "IN: $!\n"; open OUT, ">", "$out" or die "OUT: $!\n"; my $pl = ""; while ( $cl = ) { next if ( $cl =~ m/^Running as user.*$/ ); next if ( $cl =~ m/^Capturing on.*$/ ); if ( $cl =~ m/^.*Who has.*$/ ) { ($ts1) = $cl =~ m/^\d+-\d+-\d+\s(.*?)\s\d+:\d+:.*$/; next; } elsif ( $cl =~ m/^.*is at.*$/ ) { ($ts2) = $cl =~ m/^\d+-\d+-\d+\s(.*?)\s\d+:\d+:.*$/; } ($ts1ms) = $ts1 =~ m/^.*?\.(.*)/; ($ts2ms) = $ts2 =~ m/^.*?\.(.*)/; $req = `/root/Time $ts1`; $res = `/root/Time $ts2`; $td = $res-$req; $ms = $ts2ms-$ts1ms; #print "ARP Req: $ts1; ARP Res: $ts2; ARP Time: $ms milliseconds\n"; #print OUT "ARP Req: $ts1; ARP Res: $ts2; ARP Time: $ms milliseconds\n"; } close IN; close OUT;