Arkime vs Sniffnet
About Arkime
Arkime (formerly Moloch) is an open-source, large-scale, full packet capturing, indexing, and database system. It stores and indexes network traffic in standard PCAP format, providing fast, indexed access to historical network sessions through a powerful web interface. Arkime's viewer lets analysts search, filter, and drill into network sessions by IP, port, protocol, country, ASN, header content, and dozens of other fields. It integrates with Elasticsearch for session metadata storage and supports PCAP export for deeper analysis in Wireshark or Zeek. Arkime is designed to scale to multi-gigabit capture rates across distributed sensors, making it suitable for enterprise and ISP-scale deployments. Its SPIGraph feature provides visual timeline analysis, and the Hunt feature allows searching through full packet payloads. Arkime is commonly deployed alongside Zeek and Suricata for a complete network security monitoring stack.
About Sniffnet
Sniffnet is a cross-platform application to comfortably monitor your internet traffic. Written in Rust for performance, it identifies 6000+ upper-layer protocols, provides real-time bandwidth charts, supports PCAP capture and export, performs IP geolocation and ASN lookup, and sends custom notifications based on traffic thresholds. The GUI is clean and accessible both to security professionals doing traffic analysis and to regular users who want visibility into what their machine is communicating with. It supports filtering by protocol, country, and application.