Arkime

An open-source, large scale, full packet capturing, indexing, and database system. Stop using slow tools to dissect and search your packets, let Arkime do the grunt work for you!

Full Packet Capture

Arkime (formerly Moloch) is a large-scale, open-source, indexed packet capture and search tool.

Arkime 4.0 is HERE! It includes a new app! Check out Cont3xt. Meet the developers and other Arkimists at our Office Hours.

Augment your current security infrastructure to store and index network traffic in standard PCAP format. Arkime is not meant to replace Intrusion Detection Systems (IDS) but instead provides more visibility.

Security

Access to Arkime is protected by using HTTPS with digest passwords or by using an authentication-providing web server proxy. All PCAPs are stored on the installed Arkime sensors and are only available through the Arkime web interface or API. Arkime supports encrypting PCAP files at rest. Want to report a security issue or just learn more? There's more info here.

Scalability

Arkime is designed to be deployed across multiple clustered systems, providing the ability to scale to handle multiple gigabits per second of traffic. PCAP retention is based on available sensor disk space, while metadata retention is based on the scale of the OpenSearch/Elasticsearch cluster. Both can be increased at any time.

Interface

A web application is provided for PCAP browsing, searching, analysis, and PCAP carving for exporting. Arkime stores and exports all packets in standard PCAP format, allowing you to use your favorite PCAP ingestion tools during your analysis workflow.

APIs

Exposed APIs allow PCAP data and JSON-formatted session data to be downloaded directly. View the API documentation.

Arkime Demo

Check it out! The username and password are both arkime. Warning: Anyone can see anything you upload.
Also, check out our recorded talks and feature demos.

Sessions Page

The Sessions page displays a list of indexed sessions for the selected time period and search expression. It includes a timeline graph and a map of the session results.

Search: The search bar allows for powerful search queries to narrow down the data. Choose the owl to display available fields and expression syntax.

Session detail: Get more information about any session and view the session's packet data by choosing the + button.

Value actions: Hover and click any value to view a dropdown menu of actions, such as applying that value as search criteria.

Export PCAP: You can export search results as PCAP or CSV by choosing the actions dropdown menu on the top right.

Timeline search: Click and drag an area in the timeline to filter sessions by time.

Country search: Choose a country on the map to apply it as search criteria.

SPI View Page

The Session Profile Information (SPI) View page allows you to view unique values with session counts for each of the captured fields.

Toggle categories: Select any section to open or close any field category.

Search for fields: Search for fields within a category by using the input box within the category.

Toggle fields: Select a field in the top section of a category to toggle the field's visibility. You can also select the Load All or Unload All buttons to load or unload all the fields in that category.

Field actions: Choose the dropdown menu on any field to view actions that can be performed on that field, such as exporting unique values and opening the SPI Graph page.

Cancel Load: Choose the cancel button on the top right of the page if the page is taking a long time to load data or you made a mistake when you issued a query.

SPI Graph Page

The Session Profile Information (SPI) Graph page shows a temporal view for the top unique values of any field.

Total: The first timeline graph and map show an aggregation of all the results below.
Choose the x button on this map to hide all maps.

Search for fields: Make a selection from the SPI Graph dropdown menu on the top left to view the unique values for different fields.

More fields: Change the Max Elements dropdown menu selection to display more results.

Sorting: Change the Sort by dropdown menu selection to change how the results are sorted. By default, the results are sorted starting with the highest unique field value.

Connections Page

The Connections page shows a network graph of your search results.

Lock: Click and drag a node to lock it into place on the graph.

Node Info: Hover over a node or a link to view more information (or to hide it).

Node/Link Weight: Change the Node/Link Weight dropdown menu selection to change how the node and link sizes are calculated.

Change Source/Destination Nodes: Make a selection from the Src or Dst dropdown menus to visualize your data based upon different captured field relationships.

Save as a PNG: Save the graph as a PNG!

Help!

FAQ: Read our FAQ first!

Slack: Join our Slack workspace to discuss Arkime and ask questions.

Issues: Find a bug? Want a new feature? Open an issue on GitHub.

Feedback: We'd love to hear your feedback! Take the Arkime user survey.

This site's code is open-source. Please contribute!