Etc Protocols

Overview

Evidence: ETC Protocols Description: Collect ETC Protocols Category: Network Platform: macos Short Name: etcpr Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

/etc/protocols maps protocol numbers to names. This data is essential for protocol identification, aiding packet analysis and incident response.

Data Collected

This collector gathers structured data about etc protocols.

Collection Method

This collector queries the etc_protocols table via osquery and records entries into etc_protocols.

Forensic Value

This evidence helps contextualize network events by mapping numeric protocol fields to names during analysis.

PreviousEtc Hosts NextEtc Services

Last updated 3 days ago

Was this helpful?