(Golf) Analyzing Time From tcpdump Output

It's been a while since there was a golf, so I thought I would post a hole.

Running tcpdump on a *nix box will give you the output something akin to:

23:02:57.121780 receiveServer.yourDomain.com.ssh > targetServer.yourDo
+main.com.1060: P 2193476388:2193476432(44) ack 3461777800 win 16060 (
+DF) [tos 0x10]
23:02:57.121937 targetServer.yourDomain.com.1060 > receiveServer.yourD
+omain.com.ssh: . ack 44 win 16328 (DF)
23:02:57.123952 receiveServer.yourDomain.com.2113 > dns.yourDomain.com
+.domain: 56467+ (45)
23:02:57.124389 dns.yourDomain.com.domain > receiveServer.yourDomain.c
+om.2113: 56467* 1/3/3 (189)
23:02:57.124931 receiveServer.yourDomain.com.2113 > dns.yourDomain.com
+.domain: 56468+ (44)
23:02:57.125371 dns.yourDomain.com.domain > receiveServer.yourDomain.c
+om.2113: 56468* 1/3/3 (189)
23:02:57.125953 receiveServer.yourDomain.com.ssh > targetServer.yourDo
+main.com.1060: P 44:336(292) ack 1 win 16060 (DF) [tos 0x10]
23:02:57.126299 receiveServer.yourDomain.com.2113 > dns.yourDomain.com
+.domain: 56469+ (41)
23:02:57.126818 dns.yourDomain.com.domain > receiveServer.yourDomain.c
+om.2113: 56469* 1/4/4 (209)
23:02:57.127455 receiveServer.yourDomain.com.ssh > targetServer.yourDo
+main.com.1060: P 336:628(292) ack 1 win 16060 (DF) [tos 0x10]
[download]

Just recently, I helped a person who's assignment for a class was to analyze this output and deduce how long it took to load a site. That is, you took the last time stamp and subtracted the first time stamp from it (this was done while connecting via http to a website).

So, I helped the person do it in Perl; then for my own amusement, I golfed it. You can assume (as I did) that the hours and minutes would stay the same lest you run into crazy time to integer conversion issues. Running it against the output posted above should give you .00567.

Here's what I came up with:

Stroke #1:

123456789 2 3 4 + 5 6 % cat data.output | perl -ne'undef$/;/.{6}(.{9}).*[\d|:]{6}([\d|\.]{9} +)(?!\n)/s,print$2-$1'
[download]

Stroke #2:

123456789 2 3 4 + 5 6 % cat data.output | perl -n0e'/.{6}(.{9}).*[\d|:]{6}([\d|\.]{9})(?!\n) +/s,print$2-$1.'
[download]

Happy Golfin',
Jeremy

P.S. This is my first golf.

Comment on (Golf) Analyzing Time From tcpdump Output Select or Download Code

Replies are listed 'Best First'.
(cLive ;-)(Golf) Analyzing Time From tcpdump Output by cLive ;-) (Prior) on Feb 05, 2002 at 03:06 UTC
42 `123456789 2 3 4 % cat data.output \| perl -p0e'/(\d+\.\d+).(\d+\.\d+)/s;$_=$2-$1.$:'` [download] I added a closing CR because output doesn't display otherwise (at least not for my install :) - without it, it's 39 cLive ;-) update* - as chipmunk points out, this fails. In my effort to fp a reply, I missed out the : , ie: `% cat data.output \| perl -p0e'/(\d+\.\d+).*:(\d+\.\d+)/s;$_=$2-$1.$:'` [download] Shame on y'all who ++d my reply :)	[reply] [d/l] [select]
Re: (cLive ;-)(Golf) Analyzing Time From tcpdump Output by chipmunk (Parson) on Feb 05, 2002 at 03:43 UTC
I'm afraid your solution has a bug; the greedy matching of .* means that $2 only contains one of the digits before the decimal point, rather than both. Here's another way to match: `perl -lp0e'/([\d.]{9}).*([\d.]{9})/s;$_=$2-$1'` Using -l is shorter than using $:, and avoids outputting a spurious '-' after the newline. :)	[reply] [d/l]
(cLive ;-)(Golf) Analyzing Time From tcpdump Output by cLive ;-) (Prior) on Feb 05, 2002 at 07:45 UTC
Are you sure? Try running it... :) The \d+ is greedy too... cLive ;-)	[reply]
Re: (cLive ;-)(Golf) Analyzing Time From tcpdump Output by chipmunk (Parson) on Feb 05, 2002 at 16:00 UTC
Re: (cLive ;-)(Golf) Analyzing Time From tcpdump Output by petral (Curate) on Feb 05, 2002 at 15:38 UTC
Or `perl -lp0e's/\S:(\S+).:..:(\S+).*/$2-$1/es' data.output` [download] TIMTOWTDI: `perl -lpe'$b=(split":")[2];$a\|\|=$b}{$_=$b-$a' data.output` [download] p	[reply] [d/l] [select]
Re: (Golf) Analyzing Time From tcpdump Output by redsquirrel (Hermit) on Feb 06, 2002 at 03:45 UTC
This works for me. `perl -0pe'@n=/\d+\.\d+/g;$_=$n[-1]-$n[0]'` --Dave	[reply] [d/l]


No such thing as a small change
	PerlMonks