This is not directly in answer to your question, but I have put monitoring software (tcpdump) watching a user’s IP address and then massaging the output to provide HR with definitive evidence of misconduct.
However, I wouldn’t touch anything like that without HR’s blessing. I don’t need a lawsuit in my life.
As for other approaches – You can simply configure a router or firewall to block the traffic – just sniff it first to make sure you have all the right values.
If you’re in a DHCP environment, configure the DHCP server to lock down the user’s IP address to a known value to keep them from moving around.