Moloch Logo

Moloch is a large scale, open source, full packet capturing, indexing, and database system.

Moloch is not meant to replace Intrusion Detection Systems (IDS). Moloch augments your current security infrastructure by storing and indexing network traffic in standard PCAP format, while also providing fast indexed access. Moloch is built with an intuitive UI/UX which reduces the analysis time of suspected incidents.
The owl takes security seriously! Access to Moloch is protected by using HTTPS with digest passwords or by using an authentication providing web server proxy. All PCAPs are stored on the installed Moloch sensors and are only accessed by utilizing the Moloch interface or API.
Moloch is designed to be deployed across multiple clustered systems providing the ability to scale to handle multiple gigabits/sec of traffic. PCAP retention is based on available sensor disk space while metadata retention is based on the scale of the Elasticsearch cluster. Both rentention sizes can be increased at anytime as they are under your complete control.
An intuitive web interface is provided for PCAP browsing, searching, analysis, and PCAP carving for exporting. Moloch stores and exports all packets in standard PCAP format allowing you to use your favorite PCAP ingesting tools, such as wireshark, during your analysis workflow.
APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly.

Moloch Demo View

We have a demo instance of Moloch running for you to explore and upload sample capture files to interact with; Wet your beak and give Moloch a try!

  Username and password are both "moloch".
  Warning: Anyone can see anything you upload.

Session tab screenshot

On the Sessions tab you can view indexed sessions for the selected time period.

  The search bar allows for powerful search queries to narrow down the data. Click the owl for available fields.

  Get more information about any session and view the session's packet data by clicking the green "+" button.

  Click any of the links in the session information to apply search criteria.

  Click and drag an area in the timeline to filter sessions by time.

  You can export search results as PCAP or CSV by clicking the "Actions" drop down menu on the top right.

  Tip: right click for more options.

SPI View
SPI View tab screenshot
SPI View

The SPI View tab allows you you to view unique values with session counts for each of the captured fields. Change your search query or selected time period to limit results.

  Click any row to expand its contents.

  Click any of the links in the expanded section to apply search criteria. Right click for more options!

  Tip: Right click to change which fields automatically loaded.

SPI Graph
SPI Graph tab screenshot
SPI Graph

The SPI Graph tab shows a temporal view for the top unique values of any field.

  Click and drag an area in the timeline to filter statistics by time.

  Make a selection from the SPI Graph drop down to view the unique values for different fields.

Connections tab screenshot

On the Connections tab you can view a network graph of your search results.

  Click and drag a node to lock it into place in the graph.

  Click on a node to view more information or hide it.

  Make a selection from the Src and Dst drop downs to visualize your data based upon different captured field relationships.

Stats tab screenshot

On the Stats tab you can view statistics about each Molcoh capture node and Elasticsearch node.

  Click on a table header to sort the table.

  Enter text into the node filter input box to search the results.


We have started offering official rpm and deb builds of Moloch for CentOS and Ubuntu 64bit machines.

These are still experiemental and we are looking for feedback and improvements.

Please open a Github Issue for any suggestions or problems. After installing package please read /data/moloch/README.txt for post install instructions.

Moloch 0.16.0 Ubuntu 14.04 deb Ubuntu 16.04 deb CentOS 6 rpm CentOS 7 rpm
Moloch 0.15.1 Ubuntu 14.04 deb Ubuntu 16.04 deb CentOS 6 rpm
Moloch 0.15.0 Ubuntu 14.04 deb Ubuntu 16.04 deb CentOS 6 rpm
Nightly Builds Ubuntu 14.04 deb Ubuntu 16.04 deb CentOS 6 rpm CentOS 7 rpm


Find help by reading the FAQs at Github or ask a question in the Moloch Google Group.


We maintain a FAQ on our Wiki at GitHub.


Join the moloch-fpc Google Group.


Join our Slack server to discuss Moloch.