EN
ENNA

Arkime

Apache-2.0

๐ŸŒ Network Recon ยท JavaScript/C

Arkime (formerly Moloch) is an open-source, large-scale, full packet capturing, indexing, and database system. It stores and indexes network traffic in standard PCAP format, providing fast, indexed access to historical network sessions through a powerful web interface. Arkime's viewer lets analysts search, filter, and drill into network sessions by IP, port, protocol, country, ASN, header content, and dozens of other fields. It integrates with Elasticsearch for session metadata storage and supports PCAP export for deeper analysis in Wireshark or Zeek. Arkime is designed to scale to multi-gigabit capture rates across distributed sensors, making it suitable for enterprise and ISP-scale deployments. Its SPIGraph feature provides visual timeline analysis, and the Hunt feature allows searching through full packet payloads. Arkime is commonly deployed alongside Zeek and Suricata for a complete network security monitoring stack.

7.3kstars
1.1kforks
38issues
Updated 5d ago
View on GitHubOfficial WebsiteDocumentation

Installation

from source

$ git clone https://github.com/arkime/arkime && cd arkime && ./easybutton-build.sh

Download

$ Download packages from https://arkime.com/downloads

Use Cases

  • Capturing and indexing full network traffic for forensic analysis
  • Searching historical network sessions by IP, port, protocol, and content
  • Hunting through packet payloads for indicators of compromise
  • Exporting relevant PCAP segments for detailed Wireshark analysis
  • Deploying distributed capture sensors for enterprise-scale monitoring

Tags

packet-capturepcapelasticsearchnetwork-forensicsfull-capturesearchbig-datacjavascriptnetwork-monitoringnsmsecurity

Details

Category
๐ŸŒ Network Recon
Language
JavaScript/C
Repository
arkime/arkime
License
Apache-2.0
Platforms
๐Ÿงlinux

Links

GitHub Repository

github.com/arkime/arkime

Official Website

arkime.com

Documentation

arkime.com/learn

Releases

github.com/arkime/arkime/releases

Issues

github.com/arkime/arkime/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Alternatives & Comparisons

Nmap

C/C++

The gold standard network scanner. Host discovery, port scanning, service/version detection, OS fingerprinting.

Compare Arkime vs Nmap

Wireshark

C/C++

The world's foremost network protocol analyzer. Deep packet inspection for hundreds of protocols.

Compare Arkime vs Wireshark

Zeek

C++

Network analysis framework (formerly Bro). Deep packet inspection, protocol analysis, and security monitoring at scale.

Compare Arkime vs Zeek

Suricata

C/Rust

High-performance IDS/IPS and network monitoring engine. Multi-threaded with Snort-compatible rules and protocol logging.

Compare Arkime vs Suricata

More in Network Recon

Nmap

C/C++

The gold standard network scanner. Host discovery, port scanning, service/version detection, OS fingerprinting.

port-scanservice-detectionos-fingerprint

Masscan

C

Internet-scale port scanner. Transmits 10 million packets per second. Asynchronous, stateless scanning.

port-scanhigh-speedinternet-scale

RustScan

Rust

Blazing fast port scanner that pipes into Nmap. Scans all 65k ports in 3 seconds flat.

port-scanfastnmap-integration

Shodan CLI

Python

Command-line interface for Shodan, the search engine for internet-connected devices.

iotsearch-engineinternet-scan

Wireshark

C/C++

The world's foremost network protocol analyzer. Deep packet inspection for hundreds of protocols.

packet-captureprotocol-analysisgui

Responder

Python

LLMNR/NBT-NS/mDNS poisoner and rogue authentication server. Captures NTLMv1/v2 hashes on the network.

ntlmpoisoncredential-capture