# Etc Services

## Overview

**Evidence:** ETC Services\
**Description:** Collect ETC Services\
**Category:** Network\
**Platform:** macos\
**Short Name:** etcsrv\
**Is Parsed:** Yes\
**Sent to Investigation Hub:** Yes\
**Collect File(s):** No

## Background

`/etc/services` maps service names to ports and protocols. This data is essential for validating service configurations and troubleshooting network behavior.

## Data Collected

This collector gathers structured data about etc services.

## Collection Method

This collector queries the `etc_services` table via osquery and records entries into `etc_services`.

## Forensic Value

This evidence supports investigations by documenting expected service-port mappings, aiding anomaly detection.