Accelerate Investigations with Full-Packet Visibility
Searchable, scalable packet capture platform for long-term storage, rapid forensic analysis, and incident response.
Overview
Moloch (now Arkime) is an open-source large-scale full-packet capture platform designed for security professionals and forensic analysts. It captures and indexes raw network traffic, enabling rapid search and replay capabilities across weeks or months of historical data. At NetworkTestingTech, we integrate Arkime into enterprise SOC environments, supporting long-term investigations, threat hunting, and compliance monitoring. From our Phoenix, Arizona base, we serve organizations across North America with scalable, high-speed packet analysis tools, enabling deep visibility without the complexity of proprietary solutions. Our expert deployment and tuning services ensure clients get the most out of Arkime’s advanced filtering, session extraction, and real-time performance.
Core Components
Software
- Arkime packet capture engine (pcap-based) with advanced indexing
- Elasticsearch backend for metadata storage and querying
- Web UI for intuitive navigation, tagging, and session export
Hardware
- High-capacity storage arrays (e.g., RAID 10 SSD/NVMe) for multi-week capture retention
  - Ideal when combined with Ethernet Media Converters to interface with diverse traffic sources while maintaining signal integrity.
- Dual- or quad-CPU servers with 10G/40G NICs for high-throughput ingestion
  - Best utilized alongside XFP Transceivers to support scalable, high-speed data processing between network segments.
- Redundant power and cooling systems for 24/7 operational uptime
  - Can be paired with Fiber Distribution Terminal units to centralize resilient infrastructure in telecom and enterprise environments.
Cloud Services
- Hybrid deployment support with archiving to AWS S3 or Google Cloud Storage
- Encrypted remote access and data streaming for distributed analysis
- Optional integration with third-party SIEMs for alert correlation
Key Features and Functionalities
- High-performance packet capture with customizable filters
- Indexed search and timeline-based session exploration
- Metadata extraction for DNS, HTTP, SSL/TLS, and email protocols
- Replay and export capabilities in PCAP or JSON format
- Built-in tagging and multi-user access controls
Integrations
- Seamless integration with Suricata, Zeek (formerly Bro), and Wazuh logs
- Compatible with Elasticsearch, Kibana, and Security Onion stacks
- Supports RESTful API for automation and toolchain connection
Compatibility
- CentOS, RHEL, Ubuntu, and Debian server environments
- Hardware-based or virtualized deployments
- Docker-ready for containerized SOC environments
Benefits
- Weeks-to-months of packet retention with instant recall
- Rapid breach investigation and historical traffic reconstruction
- Low-cost open-source alternative to commercial capture systems
- Flexible integration with open SOC architectures
Applications
- Digital forensics and incident response (DFIR)
- Insider threat investigations and data exfiltration detection
- Session reconstruction for law enforcement and compliance audits
- Long-term archiving of sensitive network segments
Industries
- Financial Services and Insurance
- Government & Public Sector
- Higher Education & Research
- Cloud & SaaS Providers
- Telecommunications
Relevant U.S. & Canadian Standards and Regulations
- NIST 800-61
- PCI DSS
- CJIS
- GDPR (applicable in hybrid compliance contexts)
- PIPEDA (Canada)
Case Studies
Case Study 1 – University SOC (Ann Arbor, Michigan)
A major public university deployed Moloch (Arkime) across its internal network to support its SOC. With NetworkTestingTech’s guidance, the team was able to analyze campus-wide attacks and maintain six months of historical packet data, aiding incident response and policy compliance.
Case Study 2 – Defense Contractor (Arlington, Virginia)
A U.S. defense subcontractor worked with NetworkTestingTech to integrate Arkime alongside Zeek and Wazuh in their closed-network environment. This deployment enabled deep retrospective analysis, helping analysts trace suspicious traffic and pinpoint command-and-control callbacks.
Case Study 3 – Cybersecurity Lab (Toronto, Canada)
A Canadian research institution focusing on threat intelligence used Arkime for multi-week packet inspection and visualization. With support from NetworkTestingTech, the lab conducted simulated attacks and validated detection strategies with replayable traffic flows and extracted indicators.
Want to capture and analyze every packet in your environment with precision?
Contact NetworkTestingTech today for deployment assistance, customization services, or a guided demo of Moloch (Arkime). Let us help you stay ahead of threats with clarity and control.