Etc Protocols

Overview

Evidence: ETC Protocols
Description: Collect ETC Protocols
Category: Configurations
Platform: macOS
Short Name: etcpr
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

/etc/protocols maps protocol numbers to names. This data is essential for protocol identification, aiding packet analysis and incident response.

Data Collected

This collector gathers structured data about the entries in /etc/protocols.

ETC Protocols Data

| Field | Description | Example |
| --- | --- | --- |
| ID | ID | 1 |
| Name | Name | Example Name |
| Number | Number | Example value |
| Alias | Alias | Example value |
| Comment | Comment | Example value |

Collection Method

This collector queries the etc_protocols table via osquery and records entries into etc_protocols.

Usage

This evidence helps contextualize network events by mapping numeric protocol fields to names during analysis.
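The mapping described above, as an added example that is not part of the collector or of osquery: it parses text in /etc/protocols format into name, number, alias and comment fields, then labels the numeric protocol field of flow records. The sample file content, the event records and all function names are constructed for illustration.

```python
# Constructed sample in /etc/protocols format (not taken from a real host).
SAMPLE = """\
# Internet protocols
ip      0       IP      # internet protocol, pseudo protocol number
icmp    1       ICMP    # internet control message protocol
tcp     6       TCP     # transmission control protocol
udp     17      UDP     # user datagram protocol
gre     47      GRE     # Generic Routing Encapsulation
bogus   notanumber
"""

def parse_protocols(text):
    """Return (rows, rejected). rows are dicts; rejected are (lineno, line)."""
    rows, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if not fields:
            continue  # blank or comment-only line
        # The IP protocol field is 8 bits, so valid numbers are 0..255.
        if len(fields) < 2 or not fields[1].isdecimal() or int(fields[1]) > 255:
            rejected.append((lineno, raw))  # keep malformed lines for review
            continue
        rows.append({"name": fields[0], "number": int(fields[1]),
                     "alias": " ".join(fields[2:]), "comment": comment.strip()})
    return rows, rejected

def build_lookup(rows):
    """Map number -> name; the first entry for a number wins."""
    lookup = {}
    for row in rows:
        lookup.setdefault(row["number"], row["name"])
    return lookup

def annotate(events, lookup):
    """Add proto_name to each event; unmapped numbers stay visible as unknown(N)."""
    return [dict(e, proto_name=lookup.get(e["proto"], "unknown(%d)" % e["proto"]))
            for e in events]

# Constructed flow records carrying a numeric IP protocol field.
EVENTS = [{"src": "10.0.0.5", "dst": "10.0.0.9", "proto": 6},
          {"src": "10.0.0.5", "dst": "192.0.2.7", "proto": 47},
          {"src": "10.0.0.8", "dst": "192.0.2.7", "proto": 132}]

if __name__ == "__main__":
    rows, rejected = parse_protocols(SAMPLE)
    for event in annotate(EVENTS, build_lookup(rows)):
        print(event)
    print("rejected lines:", rejected)
```

Protocol numbers absent from the collected file are reported as unknown(N) rather than dropped, so they can be checked against another reference during analysis.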

Notes

This data may contain sensitive information that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis.
