# NIC List

## Overview

**Evidence:** NIC List\
**Description:** List ESXi NICs\
**Category:** Network\
**Platform:** esxi\
**Short Name:** niclist\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

Physical network interface cards (NICs) connect ESXi hosts to network infrastructure. NIC configuration and status information reveals network connectivity, adapter associations, link states, and potential hardware tampering or unauthorized network device additions.

## Data Collected

This collector gathers structured data about nic list.

### NIC List Data

| Field         | Description | Example       |
| ------------- | ----------- | ------------- |
| `Name`        | Name        | Example value |
| `PCI`         | PCI         | Example value |
| `Driver`      | Driver      | Example value |
| `Link`        | Link        | Example value |
| `Speed`       | Speed       | Example value |
| `Duplex`      | Duplex      | Example value |
| `MAC`         | MAC         | Example value |
| `MTU`         | MTU         | 123           |
| `Description` | Description | Example value |

## Collection Method

This collector parses NIC enumeration data, extracting interface names, descriptions, MAC addresses, PCI device information, driver details, link states, speeds, duplex settings, and administrative status for each physical network adapter.

## Forensic Value

NIC inventory helps validate physical network connections, detect rogue network adapters, identify driver-based attacks or rootkits, and trace network paths used during incidents. MAC addresses and PCI information assist in hardware identification and change detection.