Routing Table Info
Overview
Evidence: Routing Table Info Description: ESXi Routing Table Info Category: Network Platform: esxi Short Name: routetable Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No
Background
The ESXi routing table defines how network packets are forwarded between different networks and interfaces. It contains critical information about network topology, gateway configurations, and network segmentation that can reveal unauthorized routing changes or network-based attack paths.
Data Collected
This collector gathers structured data about routing table info.
Routing Table Info Data
AccessTime
Access Time
2023-10-15 14:30:25+03:00
AccessCount
Access Count
123
URL
URL
Example value
Browser
Browser
Example value
Title
Title
Example value
VisitDuration
Visit Duration
Example value
Referrer
Referrer
Example value
TypedCount
Typed Count
123
IsHidden
Is Hidden
true
TransitionType
Transition Type
Example value
VisitID
Visit ID
123
TransitionQualifiers
Transition Qualifiers
Example value
User
User
Example value
Profile
Profile
Example value
HistoryFilePath
History File Path
Example value
Collection Method
This collector parses the routing table file (esx_routing_table.txt), extracting network destinations, netmasks, gateway addresses, and associated network interfaces for each routing entry in the ESXi host's routing configuration.
Forensic Value
Routing table analysis helps identify unauthorized route modifications, detect network pivoting attempts, validate network segmentation, and trace potential lateral movement paths. Unusual routes or gateway changes may indicate compromise or misconfiguration that enabled unauthorized network access.
Last updated
Was this helpful?