MONITORING NETWORK TRAFFIC BY USING A MONITOR DEVICE
First Claim
1. A computer implemented method comprising:
- at a network device configured to couple with a network, obtaining user information from a directory service, by obtaining at least one user object attribute set from the directory service;
identifying at least one authentication exchange packet from packets traversing the network;
extracting a first user ID and a first network address from the authentication exchange packet;
filtering packets traversing the network that each have a network address equivalent to the first network address; and
associating packets found in the filtering with the user information having a user name attribute equivalent to the first user ID.
1 Assignment
0 Petitions
Accused Products
Abstract
A solution is provided for associating network traffic traversing on a networked environment according to a selected category item, such as a user name or other network entity identity-related information, by using a monitor device. The solution includes: obtaining user information from the directory service by obtaining at least one set of user object attributes from the directory service; identifying at least one authentication exchange packet from packets traversing on the networked environment; extracting a user ID and a network address from the authentication exchange packet; filtering or selecting packets traversing on the network environment that each have a network address equivalent to the extracted network address; and associating packets that were selected with user information having a name attribute equivalent to the extracted user ID.
-
Citations
34 Claims
-
1. A computer implemented method comprising:
-
at a network device configured to couple with a network, obtaining user information from a directory service, by obtaining at least one user object attribute set from the directory service; identifying at least one authentication exchange packet from packets traversing the network; extracting a first user ID and a first network address from the authentication exchange packet; filtering packets traversing the network that each have a network address equivalent to the first network address; and associating packets found in the filtering with the user information having a user name attribute equivalent to the first user ID. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus comprising:
-
a memory; and one or more processors configured to; obtain user information from a directory service, by obtaining at least one user object attribute set from the directory service, the apparatus configured to couple with a network; identify at least one authentication exchange packet from packets traversing the network; extract a first user ID and a first network address from the authentication exchange packet; filter packets traversing the network that each have a network address equivalent to the first network address; and associate packets found in the filtering with the user information having a user name attribute equivalent to the first user ID. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A computer program embodied on at least one computer-readable medium for executing a method, the method comprising:
-
at a network device configured to couple with a network, obtaining user information from a directory service, by obtaining at least one user object attribute set from the directory service; identifying at least one authentication exchange packet from packets traversing the network; extracting a first user ID and a first network address from the authentication exchange packet; filtering packets traversing the network that each have a network address equivalent to the first network address; and associating packets found in the filtering with the user information having a user name attribute equivalent to the first user ID.
-
-
34. An apparatus comprising:
-
a memory; means for, at a network device configured to couple with a network, obtaining user information from a directory service, by obtaining at least one user object attribute set from the directory service; means for identifying at least one authentication exchange packet from packets traversing the network; means for extracting a first user ID and a first network address from the authentication exchange packet; means for filtering packets traversing the network that each have a network address equivalent to the first network address; and means for associating packets found in the filtering with the user information having a user name attribute equivalent to the first user ID.
-
Specification