#!/usr/bin/perl
use strict;
use warnings;

my $hn = `/bin/hostname`;
chomp($hn);
my $in = "/MDS/$hn.pcap";
my $out = "/root/$hn.times";
my $cl;
my $nl;
my $pos;
my $ts1;
my $ts2;
my $ts1ms;
my $ts2ms;
my $req;
my $res;
my $td;
my $ms;

open IN, "<", "$in" or die "IN: $!\n";
open OUT, ">", "$out" or die "OUT: $!\n";

while ( $cl = <IN>) {
        next if ( $cl =~ m/^Running as user.*$/ );
        next if ( $cl =~ m/^Capturing on.*$/ );

        $pos = tell(IN);
        if ( $cl =~ m/^.*Who has.*$/ )
        {
                $nl = <IN>;
                if ( $nl =~ m/^.*Who has.*$/ )
                {
                        print "NO ARP RESPONSE FOR: $cl";
                        undef $nl;
                        seek(IN, $pos, 0);
                }
                else
                {
                        ($ts1) = $cl =~ m/^\d+-\d+-\d+\s(.*?)\s\d+:\d+:.*$/;
                        undef $nl;
                        seek(IN, $pos, 0);
                }
                next;
        }
        elsif ( $cl =~ m/^.*is at.*$/ )
        {
                ($ts2) = $cl =~ m/^\d+-\d+-\d+\s(.*?)\s\d+:\d+:.*$/;
        }

        ($ts1ms) = $ts1 =~ m/^.*?\.(.*)/;
        ($ts2ms) = $ts2 =~ m/^.*?\.(.*)/;
        $req = `/root/Time $ts1`;
        $res = `/root/Time $ts2`;
        $td = $res-$req;
        $ms = ($ts2ms-$ts1ms)/1000;

        print "ARP Req: $ts1; ARP Res: $ts2; ARP Time: $ms milliseconds\n";
        print OUT "ARP Req: $ts1; ARP Res: $ts2; ARP Time: $ms milliseconds\n";
}

close IN;
close OUT;