IP Routes

Overview

Evidence: IP Routes Description: Collect IP Routes Category: Network Platform: macos Short Name: iprts Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

Background

macOS routing table entries reveal how the system forwards traffic. This data is essential for understanding network topology, default gateways, and investigating potential redirections.

Data Collected

This collector gathers structured data about ip routes.

Collection Method

This collector queries the routes table via osquery and records results into the ip_routes table.

Forensic Value

This evidence is crucial for forensic investigations as it helps detect malicious routing changes, misconfigurations, and suspicious gateways.

PreviousInstalled Applications NextKernel Extensions Info

Last updated 2 days ago

Was this helpful?