Arkime is an open source indexed packet capture and search tool, built to be scalable and deployable across different systems, with support for both Elasticsearch and OpenSearch as its backend. Arkime was formerly known as Moloch, and it is a tool meant to augment your existing security infrastructure rather than replace it. It is commonly used for network security monitoring: in essence it is a standalone full packet capture system with metadata parsing and searching, so analysts can see what is actually happening on the network.
Arkime has a web interface where you can browse PCAP data in numerous visual formats. Its search bar accepts queries that narrow the data down in a meaningful way, which is extremely helpful on a large network. You can search by time, country, and other meaningful categories, and the results help in building a holistic report. JSON output is supported, a format widely consumed by other tools such as Wireshark.
The software is designed to handle tens of gigabits per second of traffic. PCAP files are saved on the sensors themselves and are accessed through the Arkime web interface or API. How much PCAP is retained is determined by the disk space available on each sensor, while what the API can return is determined by the Elasticsearch cluster that holds the session metadata. PCAP files can be encrypted at rest by Arkime.
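To make the sensor/cluster split concrete, here is an added example (not code from the Arkime project or from this post) of the way an analyst would pull sessions for a time window through the viewer API and summarize them by destination country. It assumes the viewer listens on `http://localhost:8005`, that `GET /api/sessions` accepts `expression`, `startTime`/`stopTime`, `start`/`length` and `fields` and returns `data` plus `recordsFiltered`, and that the ECS-style field names shown are the ones your version uses; check all of these against the API documentation for your Arkime release. The HTTP call is injected as a function so the example runs offline against a constructed sample response.

```python
"""Page through Arkime /api/sessions for a time window and total bytes by
destination country.  Added example, not the Arkime project's own code.

Assumptions (verify against your Arkime version's API docs):
  - viewer at VIEWER_URL, protected by HTTP digest auth
  - GET /api/sessions takes expression, startTime/stopTime (epoch seconds),
    start/length for paging and a comma-separated fields list, and answers
    {"data": [...session objects...], "recordsFiltered": <match count>}
  - the ECS-style field names in FIELDS
"""
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

VIEWER_URL = "http://localhost:8005"          # assumed viewer address
FIELDS = ["source.ip", "destination.ip", "destination.port",
          "destination.geo.country_iso_code", "network.bytes"]


def to_epoch(ts):
    """Arkime wants startTime/stopTime as integer epoch seconds (UTC)."""
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return int(ts.timestamp())


def build_session_query(expression, start, stop, page=0, length=100):
    """Query-string parameters for one page of /api/sessions."""
    return {
        "expression": expression,               # Arkime search-bar syntax
        "startTime": to_epoch(start),
        "stopTime": to_epoch(stop),
        "start": page * length,                 # row offset for paging
        "length": length,
        "fields": ",".join(FIELDS),
    }


def session_url(params):
    return f"{VIEWER_URL}/api/sessions?{urlencode(params)}"


def get_field(session, dotted):
    """Read a field whether the viewer returns it flat ('a.b') or nested."""
    if dotted in session:
        return session[dotted]
    node = session
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def fetch_all_sessions(expression, start, stop, fetch, length=100):
    """Collect every matching session; `fetch(url)` must return parsed JSON.
    A live caller would pass something like
        lambda u: requests.get(u, auth=HTTPDigestAuth(user, pw)).json()
    """
    sessions, page = [], 0
    while True:
        body = fetch(session_url(build_session_query(expression, start, stop, page, length)))
        rows = body.get("data", [])
        sessions.extend(rows)
        if not rows or len(sessions) >= body.get("recordsFiltered", 0):
            return sessions
        page += 1


def bytes_by_country(sessions):
    """Total network.bytes per destination country, largest first."""
    totals = {}
    for s in sessions:
        cc = get_field(s, "destination.geo.country_iso_code") or "??"
        totals[cc] = totals.get(cc, 0) + int(get_field(s, "network.bytes") or 0)
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)


# Constructed sample response standing in for the viewer: three sessions
# served as two pages of length 2, one row in flat form to exercise get_field.
SAMPLE_PAGES = [
    {"recordsFiltered": 3, "data": [
        {"source": {"ip": "10.0.0.5"}, "network": {"bytes": 5000},
         "destination": {"ip": "203.0.113.7", "port": 443, "geo": {"country_iso_code": "US"}}},
        {"source.ip": "10.0.0.9", "destination.ip": "198.51.100.2", "destination.port": 443,
         "destination.geo.country_iso_code": "DE", "network.bytes": 1200},
    ]},
    {"recordsFiltered": 3, "data": [
        {"source": {"ip": "10.0.0.5"}, "network": {"bytes": 800},
         "destination": {"ip": "203.0.113.9", "port": 443, "geo": {"country_iso_code": "US"}}},
    ]},
]


def sample_fetch(url):
    """Offline stand-in for the HTTP call: pick the page from start/length."""
    qs = parse_qs(urlparse(url).query)
    idx = int(qs["start"][0]) // int(qs["length"][0])
    return SAMPLE_PAGES[idx] if idx < len(SAMPLE_PAGES) else {"data": [], "recordsFiltered": 3}


WINDOW = (datetime(2024, 1, 1, tzinfo=timezone.utc), datetime(2024, 1, 2, tzinfo=timezone.utc))


def sample_query():
    return build_session_query("port.dst == 443", *WINDOW, page=0, length=2)


def run_sample():
    return bytes_by_country(fetch_all_sessions("port.dst == 443", *WINDOW, sample_fetch, length=2))


if __name__ == "__main__":
    print(session_url(sample_query()))
    print(json.dumps(run_sample()))
```

The paging loop stops on an empty page or once `recordsFiltered` rows have been collected, so a query that matches nothing terminates immediately, and `get_field` tolerates both flat and nested field layouts so a change in how the viewer serializes sessions does not silently zero the totals.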
