NetMon API Calls

Here are a few examples of how to make NetMon API calls with several tools.

Postman

📘
When using any of the following examples, be sure to replace any variables such as API key, NetMon IP address, and session ID with valid values for your deployment.

If you do not have Postman already, download and install it, and then create an account.
If you are using a default NetMon self-signed SSL certificate, open the Postman settings and set the SSL certificate verification to OFF.
From the menu to the left of the request URL, select the proper request method. The default is GET.
Type the NetMon URL into the request URL bar, https://(IP Address)/api/(route), replacing (IP Address) with the IP address of your NetMon, reachable from the machine running Postman, and (route) with the NetMon API route to make your request against.
Click the Authorization tab for the request, and then select Bearer Token from the TYPE menu.
In the Token field, enter the NetMon user’s API token.
(Optional.) To include a body with your request:
a. If your request body includes JSON, click the Headers tab, and then add a Content-Type key where the value for that key is application/json. Then click the Body tab, select raw, and type your request JSON body in the field.
b. If your request body includes a file, click the Body tab, and then add a file key. Point to the key field, click the Text menu, and then select File. In the value field, click Select Files, and then select the file to include in your request.
If you expect to download a file, such as with the /api/session/(sessionID)/pcap route, click the Send drop-down, and then select Send and Download. Otherwise, click Send.

curl

📘
When using any of the following examples, be sure to replace any variables such as API key, NetMon IP address, and session ID with valid values for your deployment.
This guide assumes that you are familiar with bash variables.

NetMon API curl for Linux

Bash prompt examples:

netmonAPIToken=abcdef0123456789
netmonIP=1.2.3.4
# Make a GET request to systemInfo for details about the target NetMon deployment
# The --insecure flag must be included if you are using the default NetMon self-signed ssl cert,
# if you have added a trusted certificate to NetMon, the --insecure flag can be omitted in your curl calls
curl --insecure -H "Authorization: Bearer $netmonAPIToken" -X GET https://${netmonIP}/api/systemInfo -o NetMon${netmonIP}SystemInfoResponse.json
# Make a POST request to the search route for a specific session's metadata
sessionID=abcdef0123456789
curl --insecure -H "Authorization: Bearer $netmonAPIToken" --header 'Content-Type: application/json' -X POST https://${netmonIP}/api/search --data '{"query":{"term":{"Session":"'$sessionID'"}}}' > SessionMetadata-${sessionID}.json
# Make a POST request to upload a license file
curl --insecure -H "Authorization: Bearer $netmonAPIToken" --form 'file=@/path/to/LicenseFile.lic' -X POST https://${netmonIP}/api/licenses -o NetMon${netmonIP}LicenseUploadResponse.json
# Make another POST to reboot the NetMon to apply the license
curl --insecure -H "Authorization: Bearer $netmonAPIToken" -X POST https://${netmonIP}/api/system/actions/reboot -o NetMon${netmonIP}RebootResponse.json
# Make a PUT to restart the NetMon services
curl --insecure -H "Authorization: Bearer $netmonAPIToken" -X PUT https://${netmonIP}/api/services/actions/restart -o NetMon${netmonIP}RestartServicesResponse.json
# Make a GET request to download a PCAP .zip for a session (NOTE: it takes time for the PCAP .zip to be
# constructed before the download will start, please be patient)
curl --insecure -H "Authorization: Bearer $netmonAPIToken" -X GET https://${netmonIP}/api/session/${sessionID}/pcap -o NetMon${netmonIP}PCAPForSession-${sessionID}.zip

NetMon API curl for Windows

📘
This guide assumes that you have downloaded the proper Windows curl version for your OS (32 or 64-bit) and have added the path to the folder containing the curl.exe executable to your Windows Path environment variable. Alternatively, you can make these calls from within the folder that contains curl.exe.

$netmonAPIToken="abcdef0123456789"
$netmonIP="1.2.3.4"
# Make a GET request to systemInfo for details about the target NetMon deployment
# The --insecure flag must be included if you are using the default NetMon self-signed ssl cert,
# if you have added a trusted certificate to NetMon, the --insecure flag can be omitted in your curl calls
curl.exe --insecure -H "Authorization: Bearer $netmonAPIToken" -X GET https://${netmonIP}/api/systemInfo -o NetMon${netmonIP}SystemInfoResponse.json
# Make a POST request to the search route for a specific session's metadata
$sessionID="abcdef0123456789"
curl.exe --insecure -H "Authorization: Bearer $netmonAPIToken" --header "Content-Type: application/json" -X POST https://${netmonIP}/api/search --data "{\"query\":{\"term\":{\"Session\":\"$sessionID\"}}}" -o SessionMetadata-${sessionID}.json
# Make a POST request to upload a license file
curl.exe --insecure -H "Authorization: Bearer $netmonAPIToken" --form "file=@D:\path\to\LicenseFile.lic" -X POST https://${netmonIP}/api/licenses -o NetMon${netmonIP}LicenseUploadResponse.json
# Make another POST to reboot the NetMon to apply the license
curl.exe --insecure -H "Authorization: Bearer $netmonAPIToken" -X POST https://${netmonIP}/api/system/actions/reboot -o NetMon${netmonIP}RebootResponse.json
# Make a PUT to restart the NetMon services
curl.exe --insecure -H "Authorization: Bearer $netmonAPIToken" -X PUT https://${netmonIP}/api/services/actions/restart -o NetMon${netmonIP}RestartServicesResponse.json
# Make a GET request to download a PCAP .zip for a session (NOTE: it takes time for the PCAP .zip to be
# constructed before the download will start, please be patient)
curl.exe --insecure -H "Authorization: Bearer $netmonAPIToken" -X GET https://${netmonIP}/api/session/${sessionID}/pcap -o NetMon${netmonIP}PCAPForSession-${sessionID}.zip

wget

This section covers use of the CLI tool wget for Linux. In most cases, curl is a better tool for interacting with the NetMon API.

📘
When using any of the following examples, be sure to replace any variables such as API key, NetMon IP address, and session ID with valid values for your deployment.
This guide assumes that you are familiar with bash variables.
At the time of this writing, wget does not support multipart/form-data, so it cannot be used to upload files to the NetMon API.

NetMon API wget

Bash prompt examples:

netmonAPIToken=abcdef0123456789
netmonIP=1.2.3.4
outputFilename=NetMon${netmonIP}SystemInfoResponse.json
# Make a GET request to systemInfo for details about the target NetMon deployment
# The --no-check-certificate flag must be included if you are using the default NetMon self-signed ssl cert,
# if you have added a trusted certificate to NetMon, the --no-check-certificate flag can be omitted in your wget calls
wget --no-check-certificate --auth-no-challenge --header="Authorization: Bearer $netmonAPIToken" http://${netmonIP}/api/systemInfo -O NetMon${netmonIP}SystemInfoResponse.json
# Make a POST request to the search route for a specific session's metadata
sessionID=abcdef0123456789
wget --no-check-certificate --auth-no-challenge --header="Authorization: Bearer $netmonAPIToken" --header="Content-Type: application/json" --post-data='{"query":{"term":{"Session":"'$sessionID'"}}}' https://${netmonIP}/api/search -O SessionMetadata-${sessionID}.json
# Make a POST to reboot the NetMon to apply the license
wget --no-check-certificate --auth-no-challenge --header="Authorization: Bearer $netmonAPIToken" --method=POST  https://${netmonIP}/api/system/actions/reboot -O NetMon${netmonIP}RebootResponse.json
# Make a PUT to restart the NetMon services
wget --no-check-certificate --auth-no-challenge --header="Authorization: Bearer $netmonAPIToken" --method=PUT  https://${netmonIP}/api/services/actions/restart -O NetMon${netmonIP}RestartServicesResponse.json
# Make a GET request to download a PCAP .zip for a session (NOTE: it takes time for the PCAP .zip to be
# constructed before the download will start, please be patient)
wget --no-check-certificate --auth-no-challenge --header="Authorization: Bearer $netmonAPIToken" http://${netmonIP}/api/session/${sessionID}/pcap -O NetMon${netmonIP}PCAPForSession-${sessionID}.zip

Python

📘
When using any of the following examples, be sure to replace any variables such as API key, NetMon IP address, and session ID with valid values for your deployment.
This guide assumes that you already have Python and PIP installed and are familiar with Python scripting. The following examples work with both Python 2.x and Python 3.x.
Before you start, you need to install python requests:
python -m pip install requests
If you already have python requests, you may want to update it to the latest version:
python -m pip install --upgrade requests

NetMon API Python Request Examples

import os # we will use this in a later example
import requests
from pprint import pprint
# If you are using the default NetMon self-signed ssl cert, you will probably want to disable
# python-requests' internal urllib3 insecure request warnings
from requests.packages.urllib3.exceptions import InsecureRequestWarning
from requests.packages.urllib3 import disable_warnings
disable_warnings(InsecureRequestWarning)
application_json_header = {'Content-Type': 'application/json'}
netmon_ip = '1.2.3.4'
username = 'admin'
api_token = 'abcdef0123456789'
session_id = 'abcdef0123456789'
headers = {
    "Authorization": f"Bearer {api_token}",
    "Accept": "application/json"
}
# Make a GET request to systemInfo for details about the target NetMon deployment
system_info_route = 'https://{}/api/systemInfo'.format(netmon_ip)
# The verify parameter must be set to False if you are using the default NetMon self-signed ssl cert,
# if you have added a trusted certificate to NetMon, the verify=False can be omitted in your request calls
response = requests.get(system_info_route, auth=auth, verify=False)
pprint(response.json())
# Make a POST request to the search route to retrieve a specific session's metadata
search_route = 'https://{}/api/search'.format(netmon_ip)
query_body = {
                'query': {
                    'term': {
                        'Session': session_id
                    }
                }
            }
response = requests.post(search_route, headers=headers, json=query_body, headers=application_json_header, verify=False)
pprint(response.json())
# Make a POST request to upload a license file
licenses_route = 'https://{}/api/licenses'.format(netmon_ip)
filepath = '/path/to/LicenseFile.lic'
with open(filepath, 'rb') as file_to_upload:
    files = {'file': file_to_upload}
    response = requests.post(licenses_route, headers=headers, files=files, verify=False)
pprint(response.json())
# Make another POST to reboot the NetMon to apply the license
reboot_route = 'https://{}/api/system/actions/reboot'.format(netmon_ip)
response = requests.post(reboot_route, headers=headers, verify=False)
pprint(response.json())
# Make a PUT to restart the NetMon services
restart_services_route = 'https://{}/api/services/actions/restart'.format(netmon_ip)
response = requests.put(restart_services_route, headers=headers, verify=False)
pprint(response.json())
# Make a GET request to download a PCAP .zip for a session
pcap_route = 'https://{0}/api/session/{1}/pcap'.format(netmon_ip, session_id)
application_7z_header = {'Content-Type': 'application/x-7z-compressed'}
download_filename = 'NetMon{0}PCAPForSession-{1}.zip'.format(netmon_ip, session_id)
with requests.get(pcap_route, headers=headers, headers=application_7z_header, stream=True, verify=False) as response:
    response.raise_for_status()
    with open(download_filename, 'wb') as outfile:
        for chunk in response.iter_content(chunk_size=4096):
            if chunk:
                outfile.write(chunk)
print('PCAP .zip for session {0} saved to {1}'.format(session_id, os.path.join(os.getcwd(), download_filename)))