#!/usr/bin/perl

###############################################################################
# Ethereal Output Filtering Script
# Copyright (c) 2002, Information & Computer Science, UC Irvine
# Written by Hoan Tran <hoant@ics.uci.edu>, GSR-CSN
# Released under the terms of the GNU General Public License
#
# Perl script that reads in captured output of Ethereal and extracts:
# <time>,<src_addr>,<dst_addr>,<seq_num>,<ack_num>,<tx_bytes>,<rx_bytes>,<fc_win>
#
# @author Hoan Tran (02-26-1999)
# @modified by Hoan Tran (02-27-2002)
#
# Version 1.0 (02-26-1999)
# Version 1.1 (02-27-2002)
#
###############################################################################

$filetoread = $ARGV[0];
$filetowrite = $ARGV[1];
$source_addr = $ARGV[2];
      
if ((length($filetoread) > 0) && (length($filetowrite) > 0)) {    
            
   &read_file;
   &write_file;
}
else {
   die ("\n     Usage: perl filter_ethereal.pl [source_file] [target_file] [source_IP_addr]\n\n");
}
   
# ********** SUBROUTINES **********
sub read_file {
   open (FILETOREAD, "<$filetoread") || die ("ERROR: Cannot read from $filetoread\n");
   @input_data = <FILETOREAD>;
   @file_data = @input_data;
   close (FILETOREAD);
}
   
sub write_file {

   open (FILETOWRITE, ">$filetowrite") || die ("ERROR: Cannot write to $filetowrite\n");
   
   $linenum = 0;
   $flag = 0;
   $pktcount = 0;
   $bytes_tx = 0;
   $bytes_rx = 0;

   print FILETOWRITE "Time, Src-Addr, Dst-Addr, Seq-Num, Ack-Num, TX-Bytes, RX-Bytes, FC-Win\n";
         
   while ($linenum < $#file_data) {
      $line = $file_data[$linenum];
      chomp($line);
      @line_data = split(/\s+/,$line);
      
      if (($line !~ /\bDestination\b/) && ($line_data[3] eq $source_addr)) {
         $pktcount++;
         $last_seq_num = $seq_num;
         $last_ack_num = $ack_num;

         $time = $line_data[2];
         $src_addr = $line_data[3];
         $dst_addr = $line_data[4];

         if ($line_data[9] =~ /[[\w]]/) {
            @seq_data = split(/=/,$line_data[10]);
            @ack_data = split(/=/,$line_data[11]);
            @fcw_data = split(/=/,$line_data[12]);
            @pktlen_data = split(/=/,$line_data[13]);
        }
         elsif ($line_data[9] =~ /[[\w,]/) {
            @seq_data = split(/=/,$line_data[11]);
            @ack_data = split(/=/,$line_data[12]);
            @fcw_data = split(/=/,$line_data[13]);
            @pktlen_data = split(/=/,$line_data[14]);
         }

         $seq_num = $seq_data[1];
         $ack_num = $ack_data[1];
         $fcw_size = $fcw_data[1];
         $pkt_len = $pktlen_data[1];

         if ($pktcount >= 2) {
            #$bytes_tx = $seq_num - $last_seq_num;
            $bytes_tx = $pkt_len;
            if ($last_ack_num > 0) {
               $bytes_rx = $ack_num - $last_ack_num;
            }
         }

         print FILETOWRITE "$time, $src_addr, $dst_addr, $seq_num, $ack_num, $bytes_tx, $bytes_rx, $fcw_size\n";
      }

      $linenum++;
   }
   
   close (FILETOWRITE);
}

# =============================================================================
# EOF
# =============================================================================