Parsing TCPDUMP output

眼角桃花 2021-01-26 15:57

I'm trying to parse my TCPDUMP command output to print "ok" if a specific server sends data back before a given amount of seconds (or nanoseconds). Example:

1 Answer
  • 2021-01-26 16:39

    With the information from your other question, "Parsing TCPDUMP output", and since you asked about parsing the file, there are several ways it can be done. I have generated a simple script to read in the data and get it into a hash. I'm going with the data from your other posting as the input you want to parse. It does not do data validation and expects all lines to be the same format in the file.

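    # Checking for errors (Good practice to always use)
    use strict;
    use warnings;
    
    # Open the file (first argument on the command line). The three-argument
    # form of open keeps characters such as | or > in the file name from
    # being interpreted as a pipe or a write mode.
    open my $input, '<', $ARGV[0] or die "Unable to open file: $ARGV[0]: $!";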
    
    # scalar/variable into which to save the line read from the file
    my $line;
    # Hash/mapping by machine for the time
    my %machine2time;
    # Array/List to store parsed line into individual list/array items
    my @parsedLineSpace;
    
    # Read line from the file.  This will fail when a line cannot be read
    while ( $line = <$input> ) 
    {
      # Parse the line on whitespace: the first element is the time (index 0),
      # the second is the IP (index 1). split ' ' also ignores leading
      # whitespace, so index 0 is never an empty string.
      @parsedLineSpace = split(' ', $line);
    
      # If the IP exists in the hash/mapping, then the delta time needs to be
      # computed as there is a response 
      if ( exists $machine2time{$parsedLineSpace[1]} ) 
      {
        # Get the times which are needed to compute the difference
        # and place in scalar/variables 
        my $firstTime = $machine2time{$parsedLineSpace[1]};
        my $responseTime = $parsedLineSpace[0];
    
        # Compute the time difference (Exercise for the user)
        # Use an array and split to break the time into individual components.
        # Make sure you use a \ to escape the . for the split
        # and that you check for boundary conditions
    
        # Remove the item from the hash/mapping as it is not needed and 
        # any remaining items left in the hash would be items which did
        # not get a response
        delete $machine2time{$parsedLineSpace[1]};
      }
      # else this is the first occurrence (or there was no response) so 
      # save the time for use later
      else
      {
        $machine2time{$parsedLineSpace[1]} = $parsedLineSpace[0];
      }
    }
    
    # Print out any machines which did not have a matched response
    print "\nIPs which did not get a response\n";
    # For each key in the hash/mapping (sorted) print out the key which 
    # is the IP
    foreach my $machine ( sort keys %machine2time )
    {
      print "$machine\n";
    }
    

    Hopefully this will get you started on your effort

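The time difference that the answer leaves as an exercise, as an added example that is not part of the original answer. It assumes the answer's `<time> <IP>` line layout and tcpdump's `HH:MM:SS.fraction` timestamps; the 0.5 s threshold, the sub names and the sample lines under `__DATA__` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert "HH:MM:SS.fraction" (1 to 9 fraction digits) to integer nanoseconds
# since midnight. Returns undef for anything that is not a valid time.
sub to_ns {
    my ($ts) = @_;
    return unless defined $ts && $ts =~ /\A(\d{2}):(\d{2}):(\d{2})\.(\d{1,9})\z/;
    my ($h, $m, $s, $frac) = ($1, $2, $3, $4);
    return if $h > 23 || $m > 59 || $s > 59;
    $frac .= '0' x (9 - length $frac);    # right-pad the fraction to nanoseconds
    my $secs = ($h * 60 + $m) * 60 + $s;
    return $secs * 1_000_000_000 + $frac;
}

# Elapsed nanoseconds between two already validated timestamps. The timestamps
# carry no date, so a negative difference means the capture crossed midnight.
sub delta_ns {
    my ($first, $response) = @_;
    my $d = to_ns($response) - to_ns($first);
    $d += 86_400 * 1_000_000_000 if $d < 0;
    return $d;
}

my $limit_ns = 500_000_000;    # assumed threshold: 0.5 s
my %pending;                   # IP => time of the line still awaiting a match

while (my $line = <DATA>) {
    my ($time, $ip) = split ' ', $line;
    next unless defined $ip && defined to_ns($time);    # skip malformed lines
    if (exists $pending{$ip}) {
        my $first = delete($pending{$ip});
        my $d     = delta_ns($first, $time);
        printf "%-11s %.6f s %s\n", $ip, $d / 1e9, $d <= $limit_ns ? 'ok' : 'slow';
    }
    else {
        $pending{$ip} = $time;
    }
}
print "no response: $_\n" for sort keys %pending;

# Constructed sample input; the "not-a-time" line is deliberately malformed.
__DATA__
23:59:59.900000 192.0.2.10
23:59:59.950000 192.0.2.20
00:00:00.100000 192.0.2.10
not-a-time 192.0.2.40
00:00:01.200000 192.0.2.20
00:00:02.000000 192.0.2.30
```

Working in integer nanoseconds avoids floating-point rounding when comparing against the limit, and the same code accepts nanosecond-precision captures because the fraction is padded to nine digits.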