Network Analysis & Packet Capture

It's amazing what you discover when you start looking.

Augment your current security infrastructure to store and index network traffic in standard PCAP format.
Arkime offers full network visibility, facilitating the swift identification and resolution of security and network issues.


Security teams gain access to the necessary network visibility data essential for responding to and investigating incidents to expose the full attack scope.


Designed to be deployed across multiple clustered systems, providing the ability to scale to hundreds of gigabits per second.


Allows security analysts to respond, reconstruct, investigate and confirm information about the threats within your network and take the appropriate response quickly and precisely.

Open Source

Provides users with the benefits of transparency, cost-effectiveness, flexibility, and community support.


Arkime Demo


Check it out!

The username and password are both arkime.

Warning: Anyone can see anything you upload.

Also, check out our recorded talks and feature demos.

Sessions Page

The Sessions page displays a list of indexed sessions for the selected time period and search expression. It includes a timeline graph and a map of the session results.

Sessions screenshot

The search bar allows for powerful search queries to narrow down the data. Choose the owl to display available fields and expression syntax.

  Session detail

Get more information about any session and view the session's packet data by choosing the + button.

  Value actions

Hover and click any value to view a dropdown menu of actions, such as applying that value as search criteria.

  Export PCAP

You can export search results as PCAP or CSV by choosing the actions () dropdown menu on the top right.

  Timeline search

Click and drag an area in the timeline to filter sessions by time.

  Country search

Choose a country on the map to apply it as search criteria.

SPI View Page

The Session Profile Information (SPI) View page allows you to view unique values with session counts for each of the captured fields.

SPI View screenshot
  Toggle categories

Select any section to open or close any field category.

  Search for fields

Search for fields within a category by using the input box within the category.

  Toggle fields

Select a field in the top section of a category to toggle the field's visibility. You can also select the Load All or Unload All buttons to load or unload all the fields in that category.

  Field actions

Choose the dropdown menu on any field to view actions that can be performed on that field, such as exporting unique values and opening the SPI Graph page.

  Cancel Load

Choose the cancel button on the top right of the page if the page is taking a long time to load data or you made a mistake when you issued a query.

SPI Graph Page

The Session Profile Information (SPI) Graph page shows a temporal view for the top unique values of any field.

SPI Graph screenshot

The first timeline graph and map show an aggregation of all the results below. Choose the x button on this map to hide all maps.

  Search for fields

Make a selection from the SPI Graph dropdown menu on the top left to view the unique values for different fields.

  More fields

Change the Max Elements dropdown menu selection to display more results.


Change the Sort by dropdown menu selection to change how the results are sorted. By default, the results are sorted starting with the highest unique field value.

Connections Page

The Connections page shows a network graph of your search results.

Connections screenshot

Click and drag a node to lock it into place on the graph.

  Node Info

Hover over a node or a link to view more information (or to hide it).

  Node/Link Weight

Change the Node/Link Weight dropdown menu selection to change how the node and link sizes are calculated.

  Change Source/Destination Nodes

Make a selection from the Src or Dst dropdown menus to visualize your data based upon different captured field relationships.

  Save as a PNG

Save the graph as a PNG!

Parliament Application

Parliament contains a grouped list of your Arkime clusters with links, ES health, and issues for each. Learn more about Parliament!

Parliament Dashboard Screenshot
  Landing Page

You can use Parliament as a landing page for all of your Arkime clusters.


View issues within your Arkime clusters and monitor the health of your Elasticsearch clusters.

Cont3xt Application

Cont3xt centralizes and simplifies a structured approach to gathering contextual intelligence in support of technical investigations. Learn more about Cont3xt!

Cont3xt Dashboard Screenshot

It enriches indicators using popular commercial and OSINT sources in a structured, consistent, and thorough process. Some of the default enrichment integrations include PassiveTotal, VirusTotal, Censys, Shodan, and more.

  Links to External Sources

You can add custom link to query your available resources that will simplify team access to frequently queried resources.


Share links with team mates that are tailored to specific views and link filters to guide the investigative process.


Download full reports, or subsets of response data.

Cont3xt Demo


Check it out!

The username and password are both arkime.



Read our FAQ first!


Join our Slack workspace to discuss Arkime and ask questions.


Find a bug? Want a new feature? Open an issue on GitHub.


We'd love to hear your feedback! Take the Arkime user survey.

Still have questions? Join our Office Hours!

Want to add to our FAQ? Found an issue on this site?

  This site's code is open-source. Please contribute!  

Arkime Logo