arkime
by arkime
Arkime (formerly Moloch) is an open source, large scale full packet capture, indexing, and database system. Capture nodes keep the complete packets on local disk in PCAP format while session metadata is indexed in OpenSearch or Elasticsearch, so analysts get fast, indexed access to full packet data through a web interface.
Primary Use Case
Arkime is used by network security teams and analysts to capture, store, and analyze full network traffic at scale, enabling detailed investigation of network sessions and security incidents. It is ideal for organizations needing long-term packet retention and fast search capabilities across high-volume network environments.
Key Features
- Full packet capture and storage in standard PCAP format
- Fast, indexed access to session metadata stored in OpenSearch/Elasticsearch
- Web interface for browsing, searching, and exporting PCAP data
- APIs for downloading PCAP and JSON session data
- Scalable deployment supporting tens of gigabits per second of traffic
- Modular architecture: capture, viewer, and OpenSearch/Elasticsearch components that can be scaled independently
- Optional companion projects for contextual intelligence (Cont3xt), threat intelligence enrichment (WISE), and multi-cluster monitoring (Parliament)
- PCAP files readable by Wireshark and other standard tools
Installation
- Download prebuilt binaries from the Arkime Downloads page
- Install the capture component on each network sensor machine that sees the traffic to be recorded
- Install the viewer component (a Node.js application) on each capture machine; it serves the web interface and hands PCAP back to whichever viewer an analyst is using
- Set up an OpenSearch or Elasticsearch cluster for session metadata indexing
- Configure capture to write PCAP files to local disk on the sensor
- Configure viewer with its web interface port and TLS certificate so it can serve the UI and transfer packets between nodes
- Set PCAP retention: capture deletes the oldest PCAP files when free space on the sensor falls below a configured threshold, so retention is bounded by sensor disk size
- Scale the OpenSearch/Elasticsearch cluster to increase metadata retention; PCAP retention and metadata retention are independent of each other
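A single-sensor config.ini covering the steps above, added here as an example and not the project's shipped file. The keys are Arkime's documented settings; the hostnames, interface name, paths and sizes are assumptions for illustration:

```ini
# Added example for one sensor running both capture and viewer.
# Hostnames, paths and sizes are assumed values; replace them for your site.
[default]
# OpenSearch/Elasticsearch cluster that capture writes session metadata to
# and viewer reads it back from (comma-separated list of nodes)
elasticsearch=https://opensearch-1.example.internal:9200,https://opensearch-2.example.internal:9200
rotateIndex=daily
# Secret shared by all capture/viewer nodes; used to protect inter-node requests
passwordSecret=replace-with-a-long-random-secret
httpRealm=Arkime

# Capture: sniff this interface and write PCAP to local disk
interface=ens5
pcapDir=/opt/arkime/raw
maxFileSizeG=12
# Delete the oldest PCAP files once free space on pcapDir drops below this,
# so retention is bounded by the sensor's disk rather than by a time limit
freeSpaceG=5%
# Drop root privileges after the interface is opened
dropUser=nobody
dropGroup=daemon
# Never store the sensor's own traffic to the metadata cluster
bpf=not port 9200

# Viewer: web interface and PCAP transfer for this sensor
viewPort=8005
viewHost=0.0.0.0
certFile=/etc/arkime/viewer.crt
keyFile=/etc/arkime/viewer.key
```

Before the first capture process starts, the metadata indices have to be created once with the project's db.pl script (`db.pl <cluster-url> init`), and a login user added; after that, capture and viewer read this file at startup.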
Usage Tips
- Forward Arkime session metadata to a SIEM so alerts carry network context, and link alerts back to the session so responders can pull the full packets.
- Use the viewer API to automate extraction and enrichment of session and PCAP data in threat hunting workflows instead of clicking through the UI.
- Place sensors at the segment boundaries that matter (server VLANs, egress points, management networks) to maximize visibility into lateral movement and data exfiltration attempts.
- Export PCAP of real incidents and replay it during purple team exercises so detections are tested against realistic adversary traffic.
- Match captured traffic against threat intelligence feeds (for example through WISE) to surface sessions that touch known malicious indicators.
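The SIEM, API and threat-intelligence tips above, worked through in code. This is an added example, not Arkime's own code: it builds a session query from a list of indicators, matches returned sessions against those indicators client-side so the SIEM event names the exact indicator that fired, and builds the URL that downloads the matching sessions as one PCAP. The viewer address, user, the digest-auth assumption, the DataTables-style `{"data": [...], "recordsFiltered": N}` response shape and the sample session records are all assumptions constructed for the example.

```python
"""Added example (not Arkime's own code): query /api/sessions for indicator hits,
match the records client-side, and build the /api/sessions/pcap download URL.
Assumed: viewer at VIEWER, HTTP digest auth, records carrying source.ip and
destination.ip either as nested objects or as flat dotted keys."""
import ipaddress
import json
import urllib.parse
import urllib.request

VIEWER = "https://sensor01.example.internal:8005"  # assumed viewer address


def ioc_expression(iocs):
    """Indicator IPs/CIDRs -> one Arkime expression. `ip` matches either side
    of the session and [..] is Arkime's list syntax."""
    items = []
    for ioc in iocs:
        net = ipaddress.ip_network(ioc, strict=False)  # rejects malformed indicators
        items.append(str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net))
    return "ip == [" + ",".join(items) + "]"


def sessions_url(base, expression, hours=1, length=500, start=0):
    """JSON session list: `date` is hours to look back; length/start page the result."""
    query = urllib.parse.urlencode(
        {"date": hours, "expression": expression, "length": length, "start": start})
    return f"{base}/api/sessions?{query}"


def pcap_url(base, session_ids):
    """One PCAP containing exactly the given session ids."""
    return f"{base}/api/sessions/pcap?" + urllib.parse.urlencode({"ids": ",".join(session_ids)})


def field(record, dotted):
    """Read e.g. 'source.ip' from a flat {'source.ip': ..} or nested {'source': {'ip': ..}} record."""
    if dotted in record:
        return record[dotted]
    cur = record
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def match_sessions(records, iocs):
    """One hit per session side whose IP falls inside an indicator network."""
    nets = [ipaddress.ip_network(i, strict=False) for i in iocs]
    hits = []
    for rec in records:
        for side in ("source", "destination"):
            raw = field(rec, f"{side}.ip")
            if raw is None:
                continue
            addr = ipaddress.ip_address(raw)
            indicator = next((n for n in nets if addr in n), None)  # v4 vs v6 simply never matches
            if indicator is not None:
                hits.append({"session": field(rec, "id"), "node": field(rec, "node"),
                             "direction": side, "ip": raw, "indicator": str(indicator),
                             "bytes": field(rec, "network.bytes")})
    return hits


def fetch_sessions(base, user, password, expression, hours=1, page=500):
    """Page through /api/sessions with digest auth (network call; the demo below stays offline)."""
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, base, user, password)
    opener = urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))
    records, start = [], 0
    while True:
        with opener.open(sessions_url(base, expression, hours, page, start)) as resp:
            body = json.load(resp)
        records.extend(body.get("data", []))
        if not body.get("data") or len(records) >= body.get("recordsFiltered", 0):
            return records
        start += page


# Constructed sample page (not real capture data); one nested and one flat record.
SAMPLE_RESPONSE = {"recordsTotal": 2, "recordsFiltered": 2, "data": [
    {"id": "250101-aBcDeF", "node": "sensor01",
     "source": {"ip": "10.20.30.40", "port": 51234},
     "destination": {"ip": "203.0.113.5", "port": 443},
     "network": {"bytes": 18231}},
    {"id": "250101-GhIjKl", "node": "sensor01",
     "source.ip": "198.51.100.77", "source.port": 4444,
     "destination.ip": "10.20.30.41", "destination.port": 52000,
     "network.bytes": 995},
]}
IOCS = ["203.0.113.5", "198.51.100.0/24", "2001:db8:bad::/48"]  # constructed indicators


def demo():
    """Offline run over the sample: returns the SIEM-ready hits and the PCAP URL for them."""
    hits = match_sessions(SAMPLE_RESPONSE["data"], IOCS)
    return hits, pcap_url(VIEWER, [h["session"] for h in hits])
```

Running `demo()` yields two hits (the first session's destination on the `203.0.113.5/32` indicator, the second session's source on `198.51.100.0/24`) plus a single URL that fetches both sessions as PCAP; with a live viewer, `fetch_sessions(VIEWER, user, password, ioc_expression(IOCS), hours=24)` replaces the sample data. Matching on the client as well as in the expression is deliberate: the expression keeps the query narrow, and the client pass records which indicator matched, which the session list alone does not tell you.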