Visibility and Analysis with Arkime, Elastic-Search, Kibana

Let us guide you through the installation of Arkime (Formely Moloch) in an environment to perform indexed packet capturing and network visualization.

The packet stream to Arkime will be fed by Aviz OPBNOS, providing the capability to filter, load-balance and aggregate traffic from network taps.

Arkime is a large-scale, open-source, indexed packet capture and search system that augments your current security infrastructure to store and index network traffic in standard PCAP format, providing fast, indexed access.

It provides an intuitive and simple web interface for PCAP browsing, searching, and exporting. Arkime exposes APIs which allow for PCAP data and JSON-formatted session data to be downloaded and consumed directly. Arkime stores and exports all packets in standard PCAP format, allowing you to also use your favourite PCAP ingesting tools, such as Wireshark, during your analysis workflow.

Pre-requisite

The following OSes should work out of the box:
- Arch
- CentOS/RHEL 7, 8, 9
- Amazon Linux 2
- Ubuntu 18.04, 20.04, 22.04
An installation of Docker Container Engine.

pageConfiguring OPBNOS pageInstalling Arkime pageTroubleshooting

PreviousConfiguring 1G Electrical SFP NextConfiguring OPBNOS

Last updated 1 year ago