
psntr's Introduction

WhalePipe - Best Traffic Recognizer/Traffic Monitoring/Network Forensic Tools

Advantages

  1. True Application Identification: Automatically identify over 3,000 applications to expedite network forensics with advanced classification methods and deep packet inspection.
  2. SmartFlow™ Session Classification: Recover Layer 7 application details and packet data for all sessions.
  3. Deep Packet Analytics (DPA): Automate threat detection by correlating against full packet payload and SmartFlow data using out-of-the-box rules and customizable scripts.
  4. Full Packet Capture: See every bit that crosses your network with Layer 2–7 packet capture stored in industry-standard PCAP format.
  5. SmartCapture™: Automatically capture sessions based on application or packet content to preserve the information you need.
  6. Unstructured Search: Drill down to critical packet and flow data with our Elasticsearch backend to streamline your investigation.
  7. File Reconstruction: Reconstruct email file attachments to support malware analysis and data loss monitoring.
  8. Alerts & Dashboards: Surface continuous, automated analysis on saved searches through customizable analyst dashboards.
  9. API Integration: Provide third-party tools access to session-based packet captures and reconstructed files.
  10. Flexible Deployment for Network Monitoring: Choose the right NetMon deployment for your environment:
  • Highly scalable 10 Gbps appliances: Appliances that can keep up as the demands of your network grow
  • Software appliances for remote sites: A cost-effective and flexible solution for monitoring low-bandwidth remote sites starting at 10 Mbps
  • Integrate with existing monitoring infrastructure: Whether via span port, tap, or network packet broker, our passive sensors easily integrate with your infrastructure or SIEM
  • Virtual sensor: A virtual sensor for virtual switches improves your visibility into your cloud infrastructure

Features

  1. Live sniffing up to 800 Mbps
  2. Parse PCAP files
  3. Parse PcapNG files
  4. IPv6 support
  5. Extract files and emails from FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3 and IMAP traffic
  6. Extract X.509 certificates from SSL encrypted traffic like HTTPS, SMTPS, IMAPS, POP3S, FTPS etc.
  7. Decapsulation of GRE, 802.1Q, PPPoE, VXLAN, OpenFlow, SOCKS, MPLS and EoMPLS
  8. Receive Pcap-over-IP
  9. Runs in Windows and Linux
  10. OS Fingerprinting (*)
  11. Audio extraction and playback of VoIP calls
  12. OSINT lookups of file hashes, IP addresses, domain names and URLs
  13. Port Independent Protocol Identification (PIPI)
  14. User Defined Port-to-Protocol Mappings (decode as)
  15. Export to CSV / Excel / XML / CASE / JSON-LD
  16. Configurable file output directory
  17. Configurable time zone (UTC, local or custom)
  18. Geo IP localization (**)
  19. DNS Whitelisting (***)
  20. Advanced OS fingerprinting
  21. Web browser tracing
  22. Online ad and tracker detection
  23. Host coloring support
  24. Command line scripting support
  25. High-speed PCAP parsing (****): GUI version (up to 10 MB/s), CLI version (up to 20 MB/s)

Competitors

Open source

  1. NetworkMiner
  2. Hakabana: http://www.haka-security.org/hakabana.html
  3. USArmyResearchLab: https://github.com/USArmyResearchLab/Dshell

Commercial

  1. https://www.paessler.com/network_traffic_analyzer?gclid=CjwKCAiA35rxBRAWEiwADqB378s7trPvNYLBl_ci7_v0Q925edHHmUo3yp3y03hR61KelMDcrt0SkxoCpgIQAvD_BwE
  2. Xplico: https://www.xplico.org/
