A powerful, easily deployable network traffic analysis tool suite

Quick Start



Supported Protocols




Hedgehog Linux

Contribution Guide


Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind:

Although all the open-source tools that make up Malcolm are already available and in general use, Malcolm provides a framework of interconnectivity that makes it greater than the sum of its parts.

In short, Malcolm provides an easily deployable network analysis tool suite for full PCAP files and Zeek logs. While Internet access is required to build Malcolm, internet access is not required at runtime.


See the Malcolm documentation.

Share your feedback

You can help steer Malcolm’s development by sharing your ideas and feedback. Please take a few minutes to complete this survey ↪ (hosted on Google Forms) so we can understand the members of the Malcolm community and their use cases for this tool.

Malcolm is Copyright 2024 Battelle Energy Alliance, LLC, and is developed and released through the cooperation of the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security.

Malcolm is licensed under the Apache License, version 2.0. See LICENSE.txt for the terms of its release.

Contact information of author(s):