implementing-network-traffic-analysis-with-arkime

Solid

Deploy and query Arkime (formerly Moloch) for full packet capture network traffic analysis. Uses the Arkime API v3 to search sessions, download PCAPs, analyze connection patterns, detect beaconing behavior, and identify suspicious network flows. Monitors DNS queries, HTTP traffic, and TLS certificate anomalies across captured traffic.

AI & Automation 16,326 stars 1981 forks Updated 2 weeks ago Apache-2.0

Install

View on GitHub

Quality Score: 95/100

Stars 20%
100
Recency 20%
90
Frontmatter 20%
70
Documentation 15%
71
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Implementing Network Traffic Analysis with Arkime ## When to Use - When deploying or configuring implementing network traffic analysis with arkime capabilities in your environment - When establishing security controls aligned to compliance requirements - When building or improving security architecture for this domain - When conducting security assessments that require this implementation ## Prerequisites - Familiarity with network security concepts and tools - Access to a test or lab environment for safe execution - Python 3.8+ with required dependencies installed - Appropriate authorization for any testing activities ## Instructions 1. Install dependencies: `pip install requests` 2. Configure Arkime viewer URL and credentials. 3. Run the agent to query Arkime sessions and analyze traffic: - Search sessions by IP, port, protocol, or expression - Download PCAP data for forensic analysis - Detect C2 beaconing via connection interval analysis - Identify DNS tunneling through query length statistics - Flag connections to known-bad TLS certificate issuers ```bash python scripts/agent.py --arkime-url https://arkime.local:8005 --user admin --password secret --output arkime_report.json ``` ## Examples ### Beaconing Detection ``` Source: 10.1.2.50 -> 185.220.101.34:443 Sessions: 288 over 24 hours Avg interval: 300s, Jitter: 4.2% Verdict: HIGH confidence C2 beaconing (jitter < 5%) ```

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
2 weeks ago
Language
Python
License
Apache-2.0

Bundled in these plugins

cybersecurity-skills

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

performing-network-traffic-analysis-with-tshark

Automate network traffic analysis using tshark and pyshark for protocol statistics, suspicious flow detection, DNS anomaly identification, and IOC extraction from PCAP files

16,326 Updated 2 weeks ago
mukul975
AI & Automation Featured

analyzing-network-traffic-for-incidents

Analyzes network traffic captures and flow data to identify adversary activity during security incidents, including command-and-control communications, lateral movement, data exfiltration, and exploitation attempts. Uses Wireshark, Zeek, and NetFlow analysis techniques. Activates for requests involving network traffic analysis, packet capture investigation, PCAP analysis, network forensics, C2 traffic detection, or exfiltration detection.

16,326 Updated 2 weeks ago
mukul975
Data & Documents Listed

network-security--traffic-analysis

Network traffic analysis, PCAP parsing, IDS/IPS rule creation, firewall configuration auditing, and network anomaly detection

83 Updated 3 days ago
Masriyan