I'm trying to parse a huge (~2-5MB) Snoop dump from our servers.
The output is below:
15:44:14.57313 199.117.205.249 -> s31 TCP D=57013 S=4500 Push
Ack=4051907260 Seq=4004895749 Len=39 Win=49640
0: 0003 ba0c 272b 000c f860 a0f0 0800 4500 ....'+..ø`....E.
16: 004f 9fe9 4000 3806 0231 c775 cdf9 0a01 [EMAIL PROTECTED]
32: 011f 1194 deb5 eeb5 dc05 f183 32bc 5018 ............2.P.
48: c1e8 78f7 0000 e225 c704 050c 1915 e81d ..x....%........
64: e91b cf01 01d1 0201 01f2 12c0 0231 30c1 .............10.
80: 0101 c209 0401 210a 0656 1187 42 ......!..V..B
15:44:14.66459 s31 -> 199.117.205.249 TCP D=4500 S=57013
Ack=4004895788 Seq=4051907260 Len=0 Win=64140
0: 0000 5e00 01c9 0003 ba0c 272b 0800 4500 ..^.......'+..E.
16: 0028 7e4d 4000 4006 1bf4 0a01 011f c775 .([EMAIL
PROTECTED]@........u
32: cdf9 deb5 1194 f183 32bc eeb5 dc2c 5010 .ù......2....,P.
48: fa8c a0a9 0000 ú.....
15:44:14.74595 s31 -> 199.117.205.249 TCP D=4500 S=57013 Push
Ack=4004895788 Seq=4051907260 Len=81 Win=64140
0: 0000 5e00 01c9 0003 ba0c 272b 0800 4500 ..^.......'+..E.
16: 0079 7e4e 4000 4006 1ba2 0a01 011f c775 [EMAIL
PROTECTED]@........u
32: cdf9 deb5 1194 f183 32bc eeb5 dc2c 5018 .ù......2....,P.
48: fa8c a0fa 0000 e44f c704 050c 1915 e847 .......O.......G
64: ea45 cf01 01f2 40c0 0101 e117 c006 0609 [EMAIL PROTECTED]
80: 1d08 a4e2 c10a 0301 34f5 a0c4 1a9e 0000 ........4.......
96: c201 00c2 0902 0021 0a06 2651 9079 c309 .......!..&Q.y..
112: 0401 210a 9990 0932 91c6 0c00 0121 0f13 ..!....2.....!..
128: 0601 1095 1697 f4 .......
What I'd like to see is the time stamp the request came in and time stamp the
server responded.
Like...
Time: Transaction Transaction_ID
Transaction_Type
15:44:14.57313 199.117.205.249 -> s31 c704 050c (from line 48) Request
15:44:14.74595 s31 -> 199.117.205.249 c704 050c (from line 48) Response
Any ideas? Anyone have done this before?
TIA
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
