# Routes

## Overview

**Evidence:** Routes\
**Description:** List Routes\
**Category:** Network\
**Platform:** esxi\
**Short Name:** routes\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

ESXi network routing entries reflect layer-3 reachability and ARP neighbor state for the host. Understanding routes aids in mapping connectivity and potential egress paths.

## Data Collected

This collector gathers structured data about routes.

### Routes Data

| Field       | Description | Example       |
| ----------- | ----------- | ------------- |
| `Neighbor`  | Neighbor    | Example value |
| `MAC`       | MAC         | Example value |
| `Interface` | Interface   | Example value |
| `Expiry`    | Expiry      | Example value |
| `Type`      | Type        | Example value |

## Collection Method

This collector parses a pre-generated esx network routes text file and normalizes route neighbor, interface, MAC, expiry, and type fields.

## Forensic Value

Routing data provides network context for lateral movement, external communications, and validates expected network topology during investigations.