I've been working tirelessly at this pcap analysing script and finally got "somewhere" but now I have the issue of stripping the protocol from the line thats encasing it with colons:
IE:
eth:ethertype:arp
or
eth:ethertype:ip:tcp:ssh
I'm trying to get the last value from each like ssh or arp these objects change in sizes (using tshark pcap - JSON file)
There are multiple ways to do this. You can use .split(":") and then take the last item from the resulting array.
let str = "eth:ethertype:ip:tcp:ssh";
let splits = str.split(":");
console.log(splits[splits.length - 1]);You can use a regex like:
let str = "eth:ethertype:ip:tcp:ssh";
let regex = /:([^:]+)$/;
let matches = str.match(regex);
if (matches) {
console.log(matches[1]);
} else {
console.log("no matches");
}