
Arkime


Arkime is an open-source network capture and analysis tool designed to augment existing security infrastructure. It stores and indexes network traffic in standard PCAP format, offering full network visibility to security teams. The tool is scalable, capable of handling hundreds of gigabits per second when deployed across multiple clustered systems. Arkime features a Sessions page for viewing indexed sessions, a powerful search functionality, and the ability to export results as PCAP or CSV. It includes an SPI (Session Profile Information) View for analyzing unique values of captured fields, and an SPI Graph page for temporal views of top unique field values. The Connections page provides a network graph visualization of search results. Additionally, Arkime offers a Parliament application for monitoring multiple Arkime clusters and a Cont3xt application for gathering contextual intelligence during technical investigations.

ALTERNATIVES

Open source software for leveraging insights from flow and packet analysis to identify potential security threats or attacks.

Fail2ban is a daemon that scans log files and bans IPs showing malicious signs to protect servers from brute-force attacks.

A Python-based web application scanner for OSINT and for fuzzing OWASP vulnerabilities.

An analyzer for parsing GQUIC traffic in Zeek, supporting versions Q039 to Q046, with a fingerprinting method named 'CYU' for detecting anomalous GQUIC traffic.

A Digital Bond research project to enumerate ICS applications and devices.

A utility for splitting packet traces along TCP connection boundaries.

NBD is a user-space network protocol for sharing block devices over a network, allowing clients to access block devices on a server as if they were local.

Accurate detection of HTTPS interception and robust TLS fingerprinting tool.