# Routing Table Info

## Overview

**Evidence:** Routing Table Info\
**Description:** ESXi Routing Table Info\
**Category:** Network\
**Platform:** esxi\
**Short Name:** routetable\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

The ESXi routing table defines how network packets are forwarded between different networks and interfaces. It contains critical information about network topology, gateway configurations, and network segmentation that can reveal unauthorized routing changes or network-based attack paths.

## Data Collected

This collector gathers structured data about the ESXi host's routing table.

### Routing Table Info Data

| Field                  | Description           | Example                   |
| ---------------------- | --------------------- | ------------------------- |
| `AccessTime`           | Access Time           | 2023-10-15 14:30:25+03:00 |
| `AccessCount`          | Access Count          | 123                       |
| `URL`                  | URL                   | Example value             |
| `Browser`              | Browser               | Example value             |
| `Title`                | Title                 | Example value             |
| `VisitDuration`        | Visit Duration        | Example value             |
| `Referrer`             | Referrer              | Example value             |
| `TypedCount`           | Typed Count           | 123                       |
| `IsHidden`             | Is Hidden             | true                      |
| `TransitionType`       | Transition Type       | Example value             |
| `VisitID`              | Visit ID              | 123                       |
| `TransitionQualifiers` | Transition Qualifiers | Example value             |
| `User`                 | User                  | Example value             |
| `Profile`              | Profile               | Example value             |
| `HistoryFilePath`      | History File Path     | Example value             |

## Collection Method

This collector parses the routing table file (`esx_routing_table.txt`), extracting network destinations, netmasks, gateway addresses, and associated network interfaces for each routing entry in the ESXi host's routing configuration.

## Forensic Value

Routing table analysis helps identify unauthorized route modifications, detect network pivoting attempts, validate network segmentation, and trace potential lateral movement paths. Unusual routes or gateway changes may indicate compromise or misconfiguration that enabled unauthorized network access.
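The parsing described under Collection Method and the review described under Forensic Value can be sketched as follows. This is an added example, not the collector's own code: it assumes the collected file uses the column layout printed by `esxcli network ip route ipv4 list`, and the sample routes, the baseline set, and the names `parse_routes` and `review_routes` are constructed for illustration.

```python
import ipaddress

# Constructed sample; layout assumed to match `esxcli network ip route ipv4 list`.
SAMPLE = """\
Network       Netmask          Gateway       Interface  Source
------------  ---------------  ------------  ---------  ------
default       0.0.0.0          10.10.0.1     vmk0       MANUAL
10.10.0.0     255.255.255.0    0.0.0.0       vmk0       MANUAL
10.20.30.0    255.255.255.0    10.10.0.66    vmk0       MANUAL
172.16.5.9    255.255.255.255  10.10.0.66    vmk1       MANUAL
"""

def parse_routes(text):
    """Return one dict per route: destination (CIDR), gateway, interface."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] == "Network" or set(cols[0]) == {"-"}:
            continue  # header, separator or blank line
        net = "0.0.0.0" if cols[0] == "default" else cols[0]
        try:
            dest = ipaddress.ip_network(f"{net}/{cols[1]}", strict=False)
        except ValueError:
            continue  # row is not a well-formed IPv4 route
        routes.append({"destination": str(dest),
                       "gateway": cols[2],
                       "interface": cols[3]})
    return routes

def review_routes(routes, baseline, approved_gateways):
    """Flag routes absent from a known-good baseline, with a reason list for each."""
    findings = []
    for r in routes:
        if (r["destination"], r["gateway"], r["interface"]) in baseline:
            continue
        reasons = ["not in baseline"]
        # 0.0.0.0 as gateway means the network is directly connected.
        if r["gateway"] != "0.0.0.0" and r["gateway"] not in approved_gateways:
            reasons.append("unapproved gateway")
        # A /32 entry steers traffic for one specific host.
        if r["destination"].endswith("/32"):
            reasons.append("host route")
        findings.append((r["destination"], r["gateway"], reasons))
    return findings
```

The baseline is a set of `(destination, gateway, interface)` tuples taken from a known-good collection of the same host, so any route added or re-pointed since then surfaces as a finding.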
