1#!/usr/local/bin/perl
2
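# Convert a Network Monitor text export into tcpdump-style text, one output
# line per input line.
#
# Arguments:
#   $input  - handle to read from (a glob reference, or the name of a bareword
#             handle such as 'INPUT', which is how this script calls it)
#   $output - handle to write to, same conventions
#
# Every input line must start with: frame number, time, source MAC,
# destination MAC, protocol word, then a protocol-specific summary. Only the
# 'TCP' and 'ICMP' protocol words are understood, and within ICMP only the
# 'Echo' and 'Echo Reply' messages.
#
# Dies on the first line that does not parse or that carries an unknown
# protocol or message, so a line is never silently dropped from the converted
# trace. Everything written before the failure stays in $output; callers
# should treat the output as incomplete when this sub dies.
#
# No 'use strict' here on purpose: callers may pass handle *names*, which are
# symbolic references.
sub main
{
    my ($input, $output) = @_;
    my $lineNo = 0;

    # Known ICMP messages and the text emitted for each.
    my %icmpText = (
        'Echo'       => 'echo request',
        'Echo Reply' => 'echo reply',
    );

    while (defined(my $line = <$input>)) {
        # chomp, not chop: a final line without a trailing newline must not
        # lose its last character (that would break the "... IP" match below).
        chomp $line;
        $lineNo++;

        # Frame number and MAC addresses are matched for validation only.
        my (undef, $time, undef, undef, $type, $rest) =
            $line =~ /^(\d+)\s+([\d\.]+)\s+([\dA-F]+)\s+([\dA-F]+)\s+(\w+)\s+(.*)/
            or die "IP: No match on line $lineNo: $line.\n";

        if ($type eq 'TCP') {
            my ($flags, undef, $seqStart, $seqEnd, $ack, $win,
                $srcPort, $dstPort, $srcIP, $dstIP) =
                $rest =~ /^([A-Z\.]+),\s+len:\s+(\d+),\s+seq:\s*(\d+)-(\d+),\s+ack:\s*(\d+),\s+win:\s*(\d+),\s+src:\s+(\d+)\s+dst:\s+(\d+)\s+([\w\d\.]+)\s+([\w\d\.]+)\s+IP/
                or die "TCP: No match on line $lineNo: $line.\n";

            # Drop placeholder dots and the ACK letter; an empty result is
            # written as a single '.'.
            $flags =~ s/\.|A//g;
            $flags = '.' if $flags eq '';

            print $output "$time $srcIP.$srcPort > $dstIP.$dstPort: $flags";
            if ($seqEnd != $seqStart || $flags =~ /S/) {
                print $output " $seqStart:$seqEnd(", $seqEnd - $seqStart, ")";
            }
            # NOTE(review): a value of 0 is omitted for both fields, so a
            # zero-window segment loses its "win" field in the output. Confirm
            # that is intended before relying on the converted trace for
            # window analysis.
            print $output " ack $ack" if $ack;
            print $output " win $win" if $win;
            print $output "\n";
        }
        elsif ($type eq 'ICMP') {
            # String comparison: a numeric '==' here treats every non-numeric
            # protocol word as equal to 'ICMP' and hides the "unknown
            # protocol" error below.
            my ($message, undef, undef, undef, undef, $srcIP, $dstIP) =
                $rest =~ /^([^,]*),\s+(From|To)\s+([\w\d\.]+)\s+(To|From)\s+([\w\d\.]+)\s+([\w\d\.]+)\s+([\w\d\.]+)\s+IP/
                or die "ICMP: No match on line $lineNo: $line.\n";

            # Resolve the message before printing so an unknown message does
            # not leave a half-written line in the output.
            my $text = $icmpText{$message};
            die "IP: Don't know how to handle message \"$message\".\n"
                unless defined $text;

            print $output "$time $srcIP > $dstIP: $text\n";
        }
        else {
            die "IP: Don't know how to handle \"$type\".\n";
        }
    }
}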
48
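# Fixed capture file names: the Network Monitor text export to read and the
# tcpdump-style file to produce.
my $inputPath  = 'BIG.www26.robot.netmon.BIG';
my $outputPath = 'BIG.www26.robot.tcpdump.BIG';

# Three-argument open with lexical handles: the mode is never taken from the
# file name, and the handles cannot collide with other barewords.
open(my $inputFh, '<', $inputPath) || die "Can't open input: $!\n";

# '>' truncates any existing output file. If main() dies on a line it cannot
# parse, the file is left holding only the lines converted so far and must be
# treated as incomplete.
open(my $outputFh, '>', $outputPath) || die "Can't open output: $!\n";

main($inputFh, $outputFh);

# Buffered write errors (for example a full disk) only surface at close;
# without this check a truncated conversion would look like a success.
close($outputFh) || die "Can't close output: $!\n";
close($inputFh);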