Evidence: ETC Protocols
Description: Collect ETC Protocols
Category: Network
Platform: macos
Short Name: etcpr
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
/etc/protocols maps protocol numbers to names. This data is essential for protocol identification, aiding packet analysis and incident response.
Data Collected
This collector gathers structured data about the entries in /etc/protocols.
Collection Method
This collector queries the etc_protocols table via osquery and records entries into etc_protocols.
Forensic Value
This evidence helps contextualize network events by mapping numeric protocol fields to names during analysis.
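The mapping described above, as an added example that is not part of the collector or of osquery: it parses text in the /etc/protocols format into rows whose keys follow the osquery etc_protocols columns (name, number, alias, comment) and uses them to label numeric protocol fields. The sample file content, the flow records and all function names are constructed for illustration.

```python
# Constructed sample in /etc/protocols format: name, number, aliases, optional # comment.
SAMPLE_PROTOCOLS = """\
# Internet protocols (constructed sample)
ip        0   IP         # internet protocol, pseudo protocol number
icmp      1   ICMP       # internet control message protocol
tcp       6   TCP        # transmission control protocol
udp       17  UDP        # user datagram protocol
gre       47  GRE        # Generic Routing Encapsulation
ipv6-icmp 58  IPv6-ICMP  # ICMP for IPv6
"""

# Constructed flow records carrying only the numeric IP protocol field.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "proto": 6},
    {"src": "10.0.0.5", "dst": "192.0.2.7", "proto": 47},
    {"src": "10.0.0.8", "dst": "192.0.2.7", "proto": 253},
]

def parse_protocols(text):
    """Return one dict per valid entry with keys name, number, alias, comment."""
    rows = []
    for line in text.splitlines():
        body, _, comment = line.partition("#")
        fields = body.split()
        # Skip blank, comment-only and malformed lines; the IP protocol field is 8 bits.
        if len(fields) < 2 or not fields[1].isdecimal() or int(fields[1]) > 255:
            continue
        rows.append({"name": fields[0], "number": int(fields[1]),
                     "alias": " ".join(fields[2:]), "comment": comment.strip()})
    return rows

def build_lookup(rows):
    """Map number -> name. The first entry wins; later duplicates are returned for review."""
    lookup, duplicates = {}, []
    for row in rows:
        if row["number"] in lookup:
            duplicates.append(row)
        else:
            lookup[row["number"]] = row["name"]
    return lookup, duplicates

def label_flows(flows, lookup):
    """Add a proto_name key to each flow; numbers missing from the file stay visible."""
    return [dict(f, proto_name=lookup.get(f["proto"], "unlisted(%d)" % f["proto"]))
            for f in flows]

if __name__ == "__main__":
    table, dups = build_lookup(parse_protocols(SAMPLE_PROTOCOLS))
    for flow in label_flows(SAMPLE_FLOWS, table):
        print(flow)
```

Entries returned as duplicates, or names that differ from a known-good copy of the file, are worth reviewing because they change how numeric protocol fields are labelled on that host.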