PcapFileEx.Filter (pcap_file_ex v0.5.5)
View SourcePacket filtering helpers and DSL for PCAP/PCAPNG files.
Summary
Functions
Filters packets after a given timestamp.
Filters packets before a given timestamp.
Filters packets that contain the given protocol layer.
Filters packets by size range.
Filters packets by time range.
Filters packets containing specific byte patterns.
Filters packets larger than a given size.
Limits the stream to the first N packets.
Filters packets with payload matching a regex pattern.
Filters packets matching a custom predicate function.
Samples every Nth packet from the stream.
Skips the first N packets in the stream.
Filters packets smaller than a given size.
Functions
@spec after_time(Enumerable.t(), DateTime.t()) :: Enumerable.t()
Filters packets after a given timestamp.
Examples
start_time = ~U[2025-11-02 10:00:00Z]
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.after_time(start_time)
|> Enum.to_list()@spec before_time(Enumerable.t(), DateTime.t()) :: Enumerable.t()
Filters packets before a given timestamp.
Examples
end_time = ~U[2025-11-02 11:00:00Z]
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.before_time(end_time)
|> Enum.to_list()@spec by_protocol(Enumerable.t(), atom()) :: Enumerable.t()
Filters packets that contain the given protocol layer.
Supports link-layer (e.g., :ether), network-layer (e.g., :ipv4),
transport-layer (e.g., :tcp), and application protocols like :http.
@spec by_size(Enumerable.t(), Range.t()) :: Enumerable.t()
Filters packets by size range.
Examples
# Get packets between 100 and 1500 bytes
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.by_size(100..1500)
|> Enum.to_list()@spec by_time_range(Enumerable.t(), DateTime.t(), DateTime.t()) :: Enumerable.t()
Filters packets by time range.
Examples
start_time = ~U[2025-11-02 10:00:00Z]
end_time = ~U[2025-11-02 11:00:00Z]
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.by_time_range(start_time, end_time)
|> Enum.to_list()@spec contains(Enumerable.t(), binary()) :: Enumerable.t()
Filters packets containing specific byte patterns.
Examples
# Find packets containing HTTP GET
pattern = "GET "
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.contains(pattern)
|> Enum.to_list()@spec larger_than(Enumerable.t(), non_neg_integer()) :: Enumerable.t()
Filters packets larger than a given size.
Examples
# Get packets larger than 1000 bytes
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.larger_than(1000)
|> Enum.to_list()@spec limit(Enumerable.t(), non_neg_integer()) :: Enumerable.t()
Limits the stream to the first N packets.
Examples
# Get first 100 packets
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.limit(100)
|> Enum.to_list()@spec matches_regex(Enumerable.t(), Regex.t()) :: Enumerable.t()
Filters packets with payload matching a regex pattern.
Note: This converts packet data to string, which may not be appropriate for binary protocols.
Examples
# Find packets containing "HTTP/1.1"
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.matches_regex(~r/HTTP\/1\.1/)
|> Enum.to_list()@spec matching(Enumerable.t(), (PcapFileEx.Packet.t() -> boolean())) :: Enumerable.t()
Filters packets matching a custom predicate function.
Examples
# Get packets with even length
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.matching(fn packet ->
rem(byte_size(packet.data), 2) == 0
end)
|> Enum.to_list()@spec sample(Enumerable.t(), pos_integer()) :: Enumerable.t()
Samples every Nth packet from the stream.
Examples
# Get every 10th packet
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.sample(10)
|> Enum.to_list()@spec skip(Enumerable.t(), non_neg_integer()) :: Enumerable.t()
Skips the first N packets in the stream.
Examples
# Skip first 50 packets
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.skip(50)
|> Enum.to_list()@spec smaller_than(Enumerable.t(), non_neg_integer()) :: Enumerable.t()
Filters packets smaller than a given size.
Examples
# Get packets smaller than 100 bytes
PcapFileEx.stream("capture.pcap")
|> PcapFileEx.Filter.smaller_than(100)
|> Enum.to_list()