#!/usr/bin/perl -w
#
# sumtiming
#
# Summarize timing of packets from tethereal output.
# This will summarize the time delta of packet n with packet n+1.
# We can get an idea of the nmap timing options and maybe the time
# it took the attacker to launch a new scan when the previous
# scan finished.
#
# Nick DeBaggis
#

use strict;

my %hash;
my @timing;
my @arr;
my $delta;

while(<>){
   chomp;
   @arr = split();
   push @timing, $arr[1];
}

for(my $n = 0; $n < @timing - 1; $n++){
   $delta = $timing[$n + 1] - $timing[$n];
   $hash{sprintf("%.1f",$delta)}++;
}

print "Packet Delta Statistics\n\n";
print "Delta                Count Percent\n";
print "----------------------------------\n";


foreach(sort {$a <=> $b} keys %hash){
   printf("%5.1f             %8d %6.2f%%\n", $_, $hash{$_}, ($hash{$_}/@timing*100));
}