Asi implementing-network-traffic-analysis-with-arkime
install
source · Clone the upstream repo
git clone https://github.com/plurigrid/asi
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/plurigrid/asi "$T" && mkdir -p ~/.claude/skills && cp -r "$T/plugins/asi/skills/implementing-network-traffic-analysis-with-arkime" ~/.claude/skills/plurigrid-asi-implementing-network-traffic-analysis-with-arkime && rm -rf "$T"
manifest:
plugins/asi/skills/implementing-network-traffic-analysis-with-arkime/SKILL.mdsource content
Implementing Network Traffic Analysis with Arkime
When to Use
- When deploying or configuring implementing network traffic analysis with arkime capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Familiarity with network security concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
Instructions
- Install dependencies:
pip install requests - Configure Arkime viewer URL and credentials.
- Run the agent to query Arkime sessions and analyze traffic:
- Search sessions by IP, port, protocol, or expression
- Download PCAP data for forensic analysis
- Detect C2 beaconing via connection interval analysis
- Identify DNS tunneling through query length statistics
- Flag connections to known-bad TLS certificate issuers
python scripts/agent.py --arkime-url https://arkime.local:8005 --user admin --password secret --output arkime_report.json
Examples
Beaconing Detection
Source: 10.1.2.50 -> 185.220.101.34:443 Sessions: 288 over 24 hours Avg interval: 300s, Jitter: 4.2% Verdict: HIGH confidence C2 beaconing (jitter < 5%)