Network Monitor Freemium

Identify Emerging Threats on Your Network in Real Time


Transform your physical or virtual system into a network forensics sensor in a matter of minutes for free with NetMon Freemium. Your investigations will come together effortlessly with extensive corresponding metadata, full packet capture, and customizable advanced correlation.

Figure 1: Test



6 Ways You Can Use NetMon Freemium

  1. Surface data exfiltration activities: Identify long-running sessions, “low and slow” sessions hidden in normal traffic, anomalous outbound network sessions, and other activities indicative of data exfiltration.
  2. Discover operational anomalies: Verify that you aren’t seeing protocols or traffic that you think you’ve blocked or traffic between systems that should be isolated from each other.
  3. Find hiding security threats: Catch security threats hiding in low-level chatty protocol like DNS, SMNP, or Kerberos.
  4. Detect botnets and beaconing: Identify traffic using anomalous ports. View malformed packet headers. Recognize command and control callbacks.
  5. Expose nuisance apps and bandwidth hogs: Discover when apps that are against corporate policy are being used. Find out who or what is taking up the most bandwidth.
  6. See where your network traffic is going: Identify outbound IP and URL destinations and classify traffic by ingress, egress or lateral motion in your network.


Win a Trip to Black Hat USA 2017

Courtesy of LogRhythm NetMon Freemium

Enter Today!


Rule Your Network

DDPI icon

True Application Identification: Identify over 3,000 applications to expedite network forensics using advanced classification methods and a commercial-grade deep packet inspection (DPI) engine.

Full Packet Capture icon

Full Packet Capture: Capture every bit crossing your network or use SmartCapture™ to selectively capture sessions based on application or packet content. All captures are stored in industry-standard PCAP format.

Deep Packets icon

Deep Packet Analytics (DPA): Continuously correlate against full packet payload and SmartFlow™ metadata using out-of-the-box rules and customizable scripts.

Search icon

Unstructured Search: Perform ad hoc analysis. Drill down to critical flow and packet data quickly. With our Elasticsearch backend, you have a “Google-like” search engine to streamline your investigation.

Full Packet Capture icon

Alerts & Dashboards: Perform continuous, automated analysis on saved searches to immediately detect when specific conditions are met, and then surface these instances through customizable analyst dashboards.

Application Data icon

File Reconstruction: Reconstruct email file attachments to support malware analysis and data loss monitoring.



NetMon Freemium vs. Full Commercial License

NetMon Freemium comparison table screenshot

Click to expand and show full comparison table.

NetMon Freemium provides the same functionality as a full Network Monitor license, but with limits on processing, packet storage, and data forwarding. All other features and functionality are enabled and usable, including unstructured search, deep packet analytics, packet capture, and more.


Download NetMon Freemium

Ready to employ Network Monitor Freemium and evaluate our network monitoring capabilities?

Get the Download


NetMon Freemium Deployment Scenarios

To read more about the deployment scenarios, click on the images below:

On your own server:
For maximum performance

On a mini-PC:
For small and affordable deployments

Via a VM running on a laptop:
For capturing local traffic to/from your PC


Minimum Requirements for NetMon Freemium

For best results, a dedicated system that meets the requirements found in the FAQ is recommended. However, NetMon Freemium can be configured to run on a smaller footprint as described on the right.

NetMon Freemium is Linux-based. The NetMon Freemium installer includes CentOS 7.2 Minimal and Network Monitor.

  • Free disk space: 60 GB
  • Memory: 12 GB RAM recommended, 8 GB RAM minimum
  • CPU/Processor: 4 cores recommended, 2 cores minimum
  • Network Interface Controllers (NICs): 2 1Gbps NICs recommended, 1 1Gbps NIC minimum


As an early adopter, I’ve found that LogRhythm Network Monitor is one of the most compelling tools for analyzing traffic and is an excellent resource for analysis.

Backed by Experts

NetMon Freemium is supported by our Community, which is staffed with NetMon experts, from in-house developers, to professional support, to experienced customers. Ask questions, watch tutorials, download full documentation.

Join the NetMon Community