Arkime网络流量分析实现

v20260426

implementing-network-traffic-analysis-with-arkime

部署 Arkime 全包流捕获，借助 v3 API 查询会话、下载 PCAP，识别信标行为、DNS/HTTP 流量与 TLS 异常，为威胁分析和合规检查提供数据。

网络安全 Arkime 数据包捕获流量分析威胁检测取证 Python 安全运营

获取技能

441 次下载

概览

Implementing Network Traffic Analysis with Arkime

When to Use

When deploying or configuring implementing network traffic analysis with arkime capabilities in your environment
When establishing security controls aligned to compliance requirements
When building or improving security architecture for this domain
When conducting security assessments that require this implementation

Prerequisites

Familiarity with network security concepts and tools
Access to a test or lab environment for safe execution
Python 3.8+ with required dependencies installed
Appropriate authorization for any testing activities

Instructions

Install dependencies: pip install requests
Configure Arkime viewer URL and credentials.
Run the agent to query Arkime sessions and analyze traffic:
- Search sessions by IP, port, protocol, or expression
- Download PCAP data for forensic analysis
- Detect C2 beaconing via connection interval analysis
- Identify DNS tunneling through query length statistics
- Flag connections to known-bad TLS certificate issuers

python scripts/agent.py --arkime-url https://arkime.local:8005 --user admin --password secret --output arkime_report.json

Examples

Beaconing Detection

Source: 10.1.2.50 -> 185.220.101.34:443
Sessions: 288 over 24 hours
Avg interval: 300s, Jitter: 4.2%
Verdict: HIGH confidence C2 beaconing (jitter < 5%)

信息

Category 编程开发

Name implementing-network-traffic-analysis-with-arkime

版本 v20260426

大小 9.11KB

Source mukul975/Anthropic-Cybersecurity-Skills

更新时间 2026-05-10