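#! /usr/local/bin/perl
#
# Convert a binary packet-header trace into tab-separated text, one line per
# record, written to standard output.
#
# Usage: pass the trace file as the first argument ("-" reads standard input).
#
# Each record is 24 bytes; multi-byte fields are decoded big-endian by vec():
#
#   bytes  0- 3   sec     timestamp component in seconds
#   bytes  4- 7   usec    timestamp component in useconds
#   bytes  8-11   src     IP source address
#   bytes 12-15   dst     IP destination address
#   bytes 16-17   plen    IP length (16 bits)
#   byte  18      prot    IP protocol (8 bits)
#   byte  19      flags   TCP flags (8 bits)
#   bytes 20-21   sport   IP source port (16 bits)
#   bytes 22-23   dport   IP destination port (16 bits)
#
# Special considerations:
#
#   if plen = 65535:  non-IP packet, MAC level type field in dport
#   if flags = 0xff:  IP fragment
#
# Output columns for an IP record: time, microseconds since the previous
# record, length, source address, destination address, protocol, source
# port, destination port, flags (hex).  Ports are "NA" for fragments and for
# protocols other than 1, 6 and 17.

use strict;
use warnings;

use constant RECORD_SIZE => 24;
use constant NON_IP_PLEN => 65535;
use constant FRAGMENT    => 0xff;

# Read one fixed-size record from $fh.
# Returns the record bytes, or nothing at end of input.  A short trailing
# record is reported and dropped rather than decoded: vec() returns 0 for
# offsets past the end of the string, so a truncated record would otherwise
# be printed as if its missing fields were genuinely zero.
sub read_record {
    my ($fh) = @_;

    my $got = read($fh, my $buf, RECORD_SIZE);
    defined $got or die("Read error on fr/er input file: $!\n");
    return if $got == 0;

    if ($got != RECORD_SIZE) {
        warn(sprintf("Ignoring truncated trailing record (%d of %d bytes)\n",
                     $got, RECORD_SIZE));
        return;
    }
    return $buf;
}

my $path = $ARGV[0];
defined $path or die("Can't open fr/er input file: no file name given\n");

# Three-argument open treats the argument strictly as a file name.  The
# two-argument form interprets leading/trailing '<', '>' and '|' in the
# name, so a name supplied by another user or program could truncate a file
# or start a command.  "-" is still accepted for standard input, which the
# two-argument form also provided.
my $in;
if ($path eq '-') {
    $in = \*STDIN;
}
else {
    open($in, '<', $path)
        or die("Can't open fr/er input file '$path': $!\n");
}
binmode($in);    # records are raw bytes; no newline or encoding translation

# The first record only seeds the "previous timestamp" state and is never
# printed.  NOTE(review): confirm whether it is a file header or a real
# packet record that should also appear in the output.
my $record = read_record($in);

if (defined $record) {
    my $prev_sec  = vec($record, 0, 32);
    my $prev_usec = vec($record, 1, 32);

    # Start reading in entries
    while (defined($record = read_record($in))) {
        my $tstampsec  = vec($record, 0,  32);
        my $tstampusec = vec($record, 1,  32);
        my $plen       = vec($record, 8,  16);
        my $prot       = vec($record, 18, 8);
        my $tflags     = vec($record, 19, 8);
        my $sport      = vec($record, 10, 16);
        my $dport      = vec($record, 11, 16);

        my $time  = ($tstampusec / 1000000.) + $tstampsec;
        my $dtime = (($tstampsec - $prev_sec) * 1000000)
                  + ($tstampusec - $prev_usec);
        ($prev_sec, $prev_usec) = ($tstampsec, $tstampusec);

        if ($plen == NON_IP_PLEN) {
            # Non-IP packet: dport carries the MAC level type field.  It is
            # printed from the raw value, before any "NA" substitution; the
            # substitution used to run first, so "%x" received the string
            # "NA" and printed 0 whenever prot was not 1, 6 or 17.
            # Column layout and the "%s" time format are kept as they were
            # so existing consumers of this output still parse it.
            printf "%s\t%d\tNA\tNA\tNA\tNA\t%x\tNA\tNA\n",
                $time, $dtime, $dport;
            next;
        }

        # Port fields are meaningless for IP fragments and for protocols
        # other than 1, 6 and 17.
        if ($tflags == FRAGMENT
            || ($prot != 1 && $prot != 6 && $prot != 17))
        {
            $sport = "NA";
            $dport = "NA";
        }

        my @src = map { vec($record, $_, 8) } 8 .. 11;
        my @dst = map { vec($record, $_, 8) } 12 .. 15;

        printf "%.6f\t%d\t%d\t%d.%d.%d.%d\t%d.%d.%d.%d\t%d\t%s\t%s\t%x\n",
            $time, $dtime, $plen, @src, @dst,
            $prot, $sport, $dport, $tflags;
    }
}

close($in);

#printf "Processed %d packets.\n",$ipcount;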