Abstract: A solution is provided for associating network traffic traversing on a networked environment according to a selected category item, such as a user name or other network entity identity-related information, by using a monitor device. The solution includes: obtaining user information from the directory service by obtaining at least one set of user object attributes from the directory service; identifying at least one authentication exchange packet from packets traversing on the networked environment; extracting a user ID and a network address from the authentication exchange packet; filtering or selecting packets traversing on the network environment that each have a network address equivalent to the extracted network address; and associating packets that were selected with user information having a name attribute equivalent to the extracted user ID.

Abstract: A solution for transparently verifying the authentication of a real user includes a monitor that receives network packets and a collector. The monitor identifies an authentication exchange packet from network traffic, extracts information from the packet and sends it to the collector, which obtains objects from a directory service and determines if the information includes a user name equivalent to a name attribute in an object. If so, authentication is deemed verified. For additional verification, the monitor extracts from the packet a destination address if it is an response packet, or a source address if it is a request packet. Monitor sends the extracted address to the collector, which uses the extracted address to obtain a hostname and determines whether a user account associated with the name attribute is active on a computing device having the hostname. If so, the authentication of the real user is deemed further verified.

Abstract: A solution is provided for associating network traffic traversing on a networked environment according to a selected category item, such as a user name or other network entity identity-related information, by using a monitor device. The solution includes: obtaining user information from the directory service by obtaining at least one set of user object attributes from the directory service; identifying at least one authentication exchange packet from packets traversing on the networked environment; extracting a user ID and a network address from the authentication exchange packet; filtering or selecting packets traversing on the network environment that each have a network address equivalent to the extracted network address; and associating packets that were selected with user information having a name attribute equivalent to the extracted user ID.