You cannot monitor network calls using the types you mentioned. Monitoring network calls requires more permissions than a user is going to have and AFAIK .NET doesn't have the necessary infrastructure to do it anyway.
As a first pass I'd lean toward adjusting the firewall to block everything. Perhaps this could also be done using a group policy. If the computers are dedicated to training then a network policy could be configured to allow only certain software to run and this would naturally exclude browsers. Of course all this assumes your LMS isn't trying to connect to the network either, which it probably is. Therefore you cannot just block network access but rather need to identify the whitelist of things that should be allowed. Alternatively set up a test network that doesn't have INet connectivity and force the machine to use that instead of the standard adapter.
None of this is supported in .NET. You could programmatically call out to Win32 for some things but you'll need to dig through the Win32 API to see what calls you might need to make. A network policy probably makes the most sense for dedicated machines. Alternatively you would need to trigger the policy on startup of your app and ensure it gets reset on shutdown. If something goes wrong your policies are messed up. This completely ignores the fact that any domain policies may stomp over this as well.
In the learning labs I've seen set up the domain admins put the test machines on a dedicate network that doesn't even have INet access. The machines can connect to the intranet for the learning software and that's it. This solves the problem completely. This is all network infrastructure stuff though, nothing you'd do as part of your software. Trying to do this on a random machine is just not going to work though. There are way too many ways to work around it.