Product Information
What is Arkime?
Moloch enhances your security infrastructure by storing and indexing network traffic in standard PCAP format for fast access. It offers a simple web interface for PCAP browsing, searching, and exporting. Moloch exposes APIs for direct downloads of PCAP and JSON session data. All packets are stored and exported in standard PCAP format, allowing analysis with tools like Wireshark.
Moloch scales across multiple systems to handle tens of gigabits/sec. PCAP retention depends on sensor disk space; metadata retention scales with Elasticsearch cluster size. Both can be expanded at any time and remain fully under your control.
How to use Arkime?
Arkime is an open-source, large-scale, all-encompassing capture, indexing, and database system designed to enhance security infrastructure. It provides rapid, indexed access to network traffic PCAP data and aids in identifying and resolving security and network issues.
Core Functions of Arkime
Network Scanner
Usage Scenarios of Arkime
- Storing and indexing network traffic data
- Browsing, searching, and exporting PCAP data
- Quickly identifying and resolving security and network issues
- Responding to and investigating security incidents, revealing the scope of attacks
- Reconstructing, investigating, and confirming network threat information
- Analyzing and searching network data packets
Common Questions about Arkime
What does Arkime do?
How do I use Arkime?
What are the core features of Arkime?
What are the application scenarios for Arkime?




















