VmkNicList

Overview

- Evidence: VmkNicList
- Description: List VmkNicList
- Category: Network
- Platform: esxi
- Short Name: vmkniclist
- Is Parsed: Yes
- Sent to Investigation Hub: Yes
- Collect File(s): No

Background

VMkernel network interfaces (vmknic) provide ESXi management, vMotion, storage, and fault tolerance network connectivity. These interfaces are critical for hypervisor operations and can be targets for network-based attacks or misconfigurations that expose management networks.

Data Collected

This collector gathers structured data about each configured VMkernel network interface (vmkniclist).

VmkNicList Data

| Field | Description | Example |
|-----------|-------------|---------------|
| Interface | Interface | Example value |
| PortGroup | Port Group | Example value |
| IPFamily | IP Family | Example value |
| IPAddress | IP Address | Example value |
| Netmask | Netmask | Example value |
| Broadcast | Broadcast | Example value |
| MAC | MAC | Example value |
| MTU | MTU | 123 |
| TSOMSS | TSOMSS | 123 |
| Enabled | Enabled | Example value |
| Type | Type | Example value |
| NetStack | Net Stack | Example value |

Collection Method

This collector parses VMkernel NIC information, extracting interface names, DHCP/IPv6 settings, IP addresses, MAC addresses, MTU sizes, TSO/MSS values, enabled status, interface types, and network stack assignments for each configured VMkernel adapter.

Forensic Value

VMkernel interface configuration reveals management network topology, potential security misconfigurations, and unauthorized network modifications. Analyzing IP assignments, MAC addresses, and network stack associations helps detect rogue interfaces, validate network isolation, and identify attack vectors targeting hypervisor management.
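One way to apply this analysis to the parsed rows, shown as an added example rather than the product's own code: compare a collection against a known-good baseline and check each address against the subnet approved for its port group. The sample rows, their value formats, the `APPROVED` mapping and the `review_vmknics` helper are assumptions made for illustration; only the field names come from the table above.

```python
import ipaddress

# Constructed sample rows using this page's field names; all values are invented.
BASELINE = [
    {"Interface": "vmk0", "PortGroup": "Management Network", "IPFamily": "IPv4",
     "IPAddress": "10.10.0.11", "MAC": "00:50:56:aa:00:01", "NetStack": "defaultTcpipStack"},
    {"Interface": "vmk1", "PortGroup": "vMotion", "IPFamily": "IPv4",
     "IPAddress": "10.20.0.11", "MAC": "00:50:56:aa:00:02", "NetStack": "vmotion"},
]
COLLECTED = [
    BASELINE[0],
    dict(BASELINE[1], IPAddress="192.168.50.7"),  # same adapter, re-addressed
    {"Interface": "vmk2", "PortGroup": "VM Network", "IPFamily": "IPv4",
     "IPAddress": "172.16.5.9", "MAC": "00:50:56:aa:00:03", "NetStack": "defaultTcpipStack"},
]
# Assumption: the analyst supplies the approved subnet for each port group.
APPROVED = {"Management Network": "10.10.0.0/24", "vMotion": "10.20.0.0/24"}

def review_vmknics(collected, baseline, approved):
    """Return (interface, finding) tuples for rows that deviate from the baseline
    or sit outside the subnet approved for their port group."""
    key = lambda r: (r["Interface"], r["IPFamily"])  # an adapter may have one row per family
    known = {key(r): r for r in baseline}
    findings = []
    for row in collected:
        base = known.pop(key(row), None)
        if base is None:
            findings.append((row["Interface"], "not in baseline"))
        else:
            for field in ("PortGroup", "IPAddress", "MAC", "NetStack"):
                if row[field] != base[field]:
                    findings.append((row["Interface"],
                                     f"{field} changed: {base[field]} -> {row[field]}"))
        subnet = approved.get(row["PortGroup"])
        if subnet is None:
            findings.append((row["Interface"], "port group has no approved subnet"))
            continue
        try:
            inside = ipaddress.ip_address(row["IPAddress"]) in ipaddress.ip_network(subnet)
        except ValueError:  # empty or malformed address field
            inside = False
        if not inside:
            findings.append((row["Interface"], f"{row['IPAddress']} outside {subnet}"))
    findings += [(r["Interface"], "missing from collection") for r in known.values()]
    return findings

if __name__ == "__main__":
    for name, finding in review_vmknics(COLLECTED, BASELINE, APPROVED):
        print(f"{name}: {finding}")
```
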
