Vswitch Standard Info
Overview
Evidence: Vswitch Standard Info Description: ESXi Vswitch Standard Info Category: Network Platform: esxi Short Name: vswitchstdinfo Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No
Background
Virtual Standard Switches (vSwitch) provide network connectivity for virtual machines and VMkernel interfaces. vSwitch configuration defines network segmentation, security policies, and traffic shaping, making it critical for understanding network topology and detecting unauthorized network modifications.
Data Collected
This collector gathers structured data about vswitch standard info.
Vswitch Standard Info Data
Name
Name
Example value
Class
Class
Example value
NumPorts
Num Ports
123
UsedPorts
Used Ports
123
ConfiguredPorts
Configured Ports
123
MTU
MTU
123
CDPStatus
CDP Status
Example value
BeaconEnabled
Beacon Enabled
Example value
BeaconInterval
Beacon Interval
123
BeaconThreshold
Beacon Threshold
123
BeaconRequiredBy
Beacon Required By
Example value
Uplinks
Uplinks
Example value
PortGroups
Port Groups
Example value
Collection Method
This collector parses standard vSwitch configuration data, extracting switch names, number of ports, configured port groups, uplink associations, NIC teaming policies, security settings, traffic shaping parameters, and VLAN configurations.
Forensic Value
vSwitch configuration analysis reveals network segmentation policies, detects promiscuous mode enabling that could indicate packet sniffing, identifies unauthorized VLAN access, and exposes network policy violations that may facilitate lateral movement or data exfiltration.
Last updated
Was this helpful?