
Arkime vs Nmap

GitHub Stats

              Arkime          Nmap
Stars         7.3k            12.6k
Forks         1.1k            2.8k
Issues        38              925
Updated       5d ago          5d ago
License       Apache-2.0      -
Language      JavaScript/C    C/C++

About Arkime

Arkime (formerly Moloch) is an open-source, large-scale, full packet capturing, indexing, and database system. It stores and indexes network traffic in standard PCAP format, providing fast, indexed access to historical network sessions through a powerful web interface. Arkime's viewer lets analysts search, filter, and drill into network sessions by IP, port, protocol, country, ASN, header content, and dozens of other fields. It integrates with Elasticsearch for session metadata storage and supports PCAP export for deeper analysis in Wireshark or Zeek. Arkime is designed to scale to multi-gigabit capture rates across distributed sensors, making it suitable for enterprise and ISP-scale deployments. Its SPIGraph feature provides visual timeline analysis, and the Hunt feature allows searching through full packet payloads. Arkime is commonly deployed alongside Zeek and Suricata for a complete network security monitoring stack.

About Nmap

Nmap (Network Mapper) is a free and open-source utility for network discovery and security auditing. It uses raw IP packets to determine available hosts, services, operating systems, packet filters/firewalls, and dozens of other characteristics. It was designed to rapidly scan large networks but works fine against single hosts. Nmap's scripting engine (NSE) allows users to write and share scripts to automate networking tasks, from vulnerability detection to backdoor discovery. It's used by security professionals, system administrators, and researchers worldwide.

Platform Support

๐Ÿงlinux
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Tags

Arkime only

packet-capture, pcap, elasticsearch, network-forensics, full-capture, search

Nmap only

port-scan, service-detection, os-fingerprint, scripting-engine, classic