Which integrations are available for this server?

Provides tools for monitoring Arkime cluster health including OpenSearch version, node count, and shard status through the capture_status tool.

How do I use arkime-mcp-server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@arkime-mcp-server search for connections to suspicious domains in the last hour" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

arkime-mcp-server

An MCP server for Arkime full packet capture. Lets AI assistants search network sessions, investigate traffic patterns, and monitor capture health.

Tools

Tool	Description
`search_sessions`	Search sessions with Arkime expressions, returns source/dest IPs, ports, protocols, bytes, geo, and AS info
`get_session_detail`	Full decoded protocol detail for a single session
`get_session_packets`	Decoded packet data for a session
`top_talkers`	Top N values for any field by session count (hosts, ports, domains, etc.)
`connections_graph`	Network connection graph — nodes and links with byte/packet/session counts
`unique_destinations`	Distinct external IPs contacted by an internal host
`dns_lookups`	DNS queries captured in traffic, filterable by domain pattern or source IP
`reverse_dns`	PTR/reverse DNS lookup for an IP
`external_connections`	Sessions going to non-RFC1918 destinations, sorted by bytes
`geo_summary`	Destination traffic breakdown by country
`capture_status`	Arkime cluster health — node count, shard status, OpenSearch version
`pcap_files`	PCAP capture files with sizes, packet counts, and time ranges
`list_fields`	Available Arkime session fields for use in search expressions

Setup

npm install
npm run build

Configuration

Set environment variables:

Variable	Required	Default	Description
`ARKIME_URL`	No	`http://192.168.5.176:8005`	Arkime viewer URL
`ARKIME_USER`	No	`mcp`	Arkime API username
`ARKIME_PASSWORD`	Yes	—	Arkime API password

Usage with Claude Code

Add to your MCP settings (e.g., .mcp.json):

{
  "mcpServers": {
    "arkime": {
      "command": "node",
      "args": ["/path/to/arkime-mcp-server/build/index.js"],
      "env": {
        "ARKIME_PASSWORD": "your-password"
      }
    }
  }
}

Authentication

Arkime uses HTTP Digest authentication. The server handles this via the digest-fetch library.

License

MIT

This server cannot be installed

F

license - not found

-

quality - not tested

C

maintenance

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

arkime-mcp-server

arkime-mcp-server

Tools

Setup

Configuration

Usage with Claude Code

Authentication

License

Resources

Looking for Admin?

Latest Blog Posts

MCP directory API