In communications networks, network packets are sent and received by network components. Network packets may be intercepted in transit over a network for the purpose of network traffic monitoring and analysis. A network manager may utilize the network traffic analysis data for managing the network to keep network packet traffic flowing efficiently.
Network analysis equipment and software have been developed for intercepting network packets and performing monitoring, analysis and reporting functions based on the intercepted packets. An example of network analysis equipment or software that monitors and analyzes network traffic is known as a sniffer. A sniffer may capture packets, and the packets may be analyzed to detect bottlenecks and other network problems. A sniffer may be implemented in a network router. A typical network router reads every packet of data passed to it, and determines whether it is intended for a destination within the router's own network or whether it should be passed further along the network. A router with a sniffer may be able to read the data in the packet as well as the source and destination addresses.
A sniffer may display captured network data to a network manager via a graphic user interface (GUI). However, conventional sniffers may only recognize packet address information. These tools may not provide identification of the network user that is the source of the captured network packet. Further, MAC and IP address may be spoofed by an originator of network traffic. In the case of spoofing, the network manager would be unable to determine the source equipment of the network traffic. It may be advantageous for a network administrator to be able to more effectively associate network traffic with the network user that originated the network packet.
Accordingly, there exists a need for improved methods, systems, and computer program products for associating an originator of a network packet with the network packet.