Arkime Traffic Analysis

v20260317

implementing-network-traffic-analysis-with-arkime

Deploy Arkime to capture, query, and analyze network sessions, download PCAPs, and flag beaconing, DNS tunneling, or TLS anomalies for proactive threat hunting.

Arkime Network Security Traffic Analysis Packet Capture Threat Detection

Get Skill

157 downloads

Overview

Instructions

Install dependencies: pip install requests
Configure Arkime viewer URL and credentials.
Run the agent to query Arkime sessions and analyze traffic:
- Search sessions by IP, port, protocol, or expression
- Download PCAP data for forensic analysis
- Detect C2 beaconing via connection interval analysis
- Identify DNS tunneling through query length statistics
- Flag connections to known-bad TLS certificate issuers

python scripts/agent.py --arkime-url https://arkime.local:8005 --user admin --password secret --output arkime_report.json

Examples

Beaconing Detection

Source: 10.1.2.50 -> 185.220.101.34:443
Sessions: 288 over 24 hours
Avg interval: 300s, Jitter: 4.2%
Verdict: HIGH confidence C2 beaconing (jitter < 5%)

Info

Category Uncategorized

Name implementing-network-traffic-analysis-with-arkime

Version v20260317

Size 8.75KB

Source mukul975/Anthropic-Cybersecurity-Skills

Updated At 2026-03-18