# Vswitch Standard Info

## Overview

**Evidence:** Vswitch Standard Info\
**Description:** ESXi Vswitch Standard Info\
**Category:** Network\
**Platform:** esxi\
**Short Name:** vswitchstdinfo\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

Virtual Standard Switches (vSwitch) provide network connectivity for virtual machines and VMkernel interfaces. vSwitch configuration defines network segmentation, security policies, and traffic shaping, making it critical for understanding network topology and detecting unauthorized network modifications.

## Data Collected

This collector gathers structured data about the standard vSwitches configured on the ESXi host.

### Vswitch Standard Info Data

| Field              | Description        | Example       |
| ------------------ | ------------------ | ------------- |
| `Name`             | Name               | Example value |
| `Class`            | Class              | Example value |
| `NumPorts`         | Num Ports          | 123           |
| `UsedPorts`        | Used Ports         | 123           |
| `ConfiguredPorts`  | Configured Ports   | 123           |
| `MTU`              | MTU                | 123           |
| `CDPStatus`        | CDP Status         | Example value |
| `BeaconEnabled`    | Beacon Enabled     | Example value |
| `BeaconInterval`   | Beacon Interval    | 123           |
| `BeaconThreshold`  | Beacon Threshold   | 123           |
| `BeaconRequiredBy` | Beacon Required By | Example value |
| `Uplinks`          | Uplinks            | Example value |
| `PortGroups`       | Port Groups        | Example value |

## Collection Method

This collector parses standard vSwitch configuration data, extracting switch names, number of ports, configured port groups, uplink associations, NIC teaming policies, security settings, traffic shaping parameters, and VLAN configurations.

## Forensic Value

vSwitch configuration analysis reveals network segmentation policies, detects promiscuous mode enabling that could indicate packet sniffing, identifies unauthorized VLAN access, and exposes network policy violations that may facilitate lateral movement or data exfiltration.
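One way to turn the collected records into a check for unauthorized network modifications is to compare them against a known-good baseline. The following is an added example, not part of the collector or the product: it assumes each record is a dict keyed by the field names in the table above, with `Uplinks` and `PortGroups` stored as comma-separated strings, and the sample records are constructed.

```python
# Assumption: records are dicts keyed by the field names in the table above;
# Uplinks and PortGroups are comma-separated strings.
SCALAR_FIELDS = ("Class", "ConfiguredPorts", "MTU", "CDPStatus", "BeaconEnabled")
LIST_FIELDS = ("Uplinks", "PortGroups")


def _as_set(value):
    """Split a comma-separated field into a set of trimmed, non-empty names."""
    return {item.strip() for item in str(value or "").split(",") if item.strip()}


def diff_vswitches(baseline, current):
    """Return a list of findings describing drift between two collections."""
    old = {r["Name"]: r for r in baseline}
    new = {r["Name"]: r for r in current}
    findings = []
    for name in sorted(new.keys() - old.keys()):
        findings.append(f"{name}: vSwitch added (port groups: {new[name].get('PortGroups', '')})")
    for name in sorted(old.keys() - new.keys()):
        findings.append(f"{name}: vSwitch removed")
    for name in sorted(old.keys() & new.keys()):
        for field in SCALAR_FIELDS:
            if str(old[name].get(field)) != str(new[name].get(field)):
                findings.append(f"{name}: {field} changed {old[name].get(field)} -> {new[name].get(field)}")
        for field in LIST_FIELDS:
            before, after = _as_set(old[name].get(field)), _as_set(new[name].get(field))
            for item in sorted(after - before):
                findings.append(f"{name}: {field} added {item}")
            for item in sorted(before - after):
                findings.append(f"{name}: {field} removed {item}")
    return findings


# Constructed sample data, not taken from a real host.
BASELINE = [
    {"Name": "vSwitch0", "Class": "cswitch", "ConfiguredPorts": 128, "MTU": 1500,
     "CDPStatus": "listen", "BeaconEnabled": "false",
     "Uplinks": "vmnic0", "PortGroups": "VM Network, Management Network"},
]
CURRENT = [
    {**BASELINE[0], "Uplinks": "vmnic0, vmnic1"},
    {"Name": "vSwitch1", "Class": "cswitch", "ConfiguredPorts": 128, "MTU": 9000,
     "CDPStatus": "down", "BeaconEnabled": "false",
     "Uplinks": "", "PortGroups": "pg-temp"},
]

if __name__ == "__main__":
    print("\n".join(diff_vswitches(BASELINE, CURRENT)))
```

Each finding still needs to be matched against change records; a new uplink or a new switch with no uplinks is a lead for review, not proof of tampering.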
