Skill

implementing-network-traffic-analysis-with-arkime

From asi

Deploys and queries Arkime via API v3 for packet capture analysis: search sessions by IP/port/protocol, download PCAPs, detect C2 beaconing, monitor DNS/HTTP/TLS anomalies.

Python

security

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

- When deploying or configuring implementing network traffic analysis with arkime capabilities in your environment

SKILL.md

Similar Skills

implementing-network-traffic-analysis-with-arkime

5.9k

Deploys and queries Arkime via API v3 for packet capture analysis: search sessions, download PCAPs, detect beaconing, DNS tunneling, and TLS anomalies.

3 files

cybersecurity-skills

implementing-network-traffic-analysis-with-arkime

Deploys and queries Arkime for full packet capture network traffic analysis via API v3. Searches sessions by IP/port/protocol, downloads PCAPs, detects beaconing/C2, suspicious traffic, DNS tunneling, TLS anomalies.

3 files

cybersecurity-skills-zh

analyzing-network-traffic-for-incidents

Analyzes PCAP files, Zeek logs, and NetFlow data to detect C2 communications, lateral movement, data exfiltration, and exploits during security incidents using Wireshark techniques.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Implementing Network Traffic Analysis with Arkime

When to Use

When deploying or configuring implementing network traffic analysis with arkime capabilities in your environment

When establishing security controls aligned to compliance requirements

When building or improving security architecture for this domain

When conducting security assessments that require this implementation

Prerequisites

Familiarity with network security concepts and tools

Access to a test or lab environment for safe execution

Python 3.8+ with required dependencies installed

Appropriate authorization for any testing activities

Instructions

Install dependencies: pip install requests

Configure Arkime viewer URL and credentials.

Run the agent to query Arkime sessions and analyze traffic:

Search sessions by IP, port, protocol, or expression
Download PCAP data for forensic analysis
Detect C2 beaconing via connection interval analysis
Identify DNS tunneling through query length statistics
Flag connections to known-bad TLS certificate issuers

python scripts/agent.py --arkime-url https://arkime.local:8005 --user admin --password secret --output arkime_report.json

Examples

Beaconing Detection

Source: 10.1.2.50 -> 185.220.101.34:443 Sessions: 288 over 24 hours Avg interval: 300s, Jitter: 4.2% Verdict: HIGH confidence C2 beaconing (jitter < 5%)