Arkime (formerly Moloch) is an open source, large scale, full packet capture, indexing and database system. It stores raw PCAP on the sensors that capture it, indexes session metadata in a search cluster, and gives analysts fast, indexed access to the full packet data through a web interface.
Arkime is used by network security teams and analysts to capture, store, and analyze full network traffic at scale, enabling detailed investigation of network sessions and security incidents. It suits organizations that need long-term packet retention and fast search across high-volume network environments.
Arkime requires a properly configured OpenSearch or Elasticsearch backend for session metadata (SPI data) storage and search. PCAP is kept on each sensor's local disk, and capture deletes the oldest PCAP files once free space drops below a configured threshold, so PCAP retention is bounded by sensor disk space and storage must be planned accordingly. Metadata retention is bounded separately by the size of the search cluster. The system is designed for high-throughput environments and usually needs tuning (packet threads, write method, bulk sizes) for optimal performance. The viewer exposes an HTTP API that can be used for automation and integration into existing security workflows.
Download prebuilt packages from the Arkime Downloads page (or build from source)
Install the capture component on each network sensor machine
Install the viewer component (a Node.js application) on each capture machine so it can serve that machine's PCAP
Set up an OpenSearch or Elasticsearch cluster for metadata indexing and initialize it with db.pl before starting capture
Configure capture to write PCAP files to local disk
Configure the viewer to serve the web interface and transfer packets between nodes
Adjust PCAP retention on each sensor based on its available disk space
Scale the OpenSearch or Elasticsearch cluster, and set the index expiry policy, to increase metadata retention
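The steps above come together in a single config.ini shared by capture and viewer. The following is an added example written for this page, not a file shipped by the Arkime project; the cluster hostname, credentials, interface names, node name and certificate paths are placeholders to be replaced, and the keys used (elasticsearch, elasticsearchBasicAuth, rotateIndex, passwordSecret, interface, bpf, dropUser, dropGroup, pcapDir, maxFileSizeG, freeSpaceG, viewPort, certFile, keyFile) are standard Arkime settings:

```ini
# Added example: a minimal /opt/arkime/etc/config.ini for one sensor.
# Hostnames, secrets, interfaces and paths below are assumed placeholders.
[default]
# Metadata (SPI) store: the OpenSearch/Elasticsearch cluster from the setup steps.
# Use TLS and an authenticated account; never expose the cluster unauthenticated.
elasticsearch=https://arkime-es.example.internal:9200
elasticsearchBasicAuth=arkime:REPLACE_WITH_ES_PASSWORD
# One SPI index per day; how many are kept is set later with "db.pl expire".
rotateIndex=daily

# Shared secret used to authenticate viewer-to-viewer packet transfer between
# nodes. It must be identical on every node and must not stay at the default.
passwordSecret=REPLACE_WITH_LONG_RANDOM_SECRET
httpRealm=Arkime

# Sniffing interface and capture filter; exclude the sensor's own DB traffic.
interface=eth1
bpf=not port 9200

# Capture opens the interface as root, then drops to this unprivileged account.
dropUser=nobody
dropGroup=daemon

# PCAP retention: write files of up to 12 GB to pcapDir and delete the oldest
# files whenever free space on that filesystem falls below 5%. A larger disk
# or a lower freeSpaceG means longer PCAP retention on this sensor.
pcapDir=/opt/arkime/raw
maxFileSizeG=12
freeSpaceG=5%

# Viewer: serves the web UI and hands PCAP to other viewers. Terminate TLS here.
viewPort=8005
certFile=/opt/arkime/etc/viewer.crt
keyFile=/opt/arkime/etc/viewer.key

# Any [default] value can be overridden per node (section name = node name,
# by default the hostname). This sensor captures on two interfaces.
[sensor01]
interface=ens1f0;ens1f1
```

With the file in place, the cluster is initialized once with `db.pl <cluster-url> init`; note that `init` drops any existing Arkime indices, so an existing deployment uses `upgrade` instead. A first viewer account is created with `arkime_add_user.sh`, and metadata retention is enforced by scheduling `db.pl <cluster-url> expire daily <days-to-keep>`, which removes the oldest daily SPI indices. The two retention knobs are independent: `freeSpaceG` bounds PCAP on each sensor, `expire` bounds session metadata in the cluster, and a session whose index has expired can no longer be found even if its PCAP still exists.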