Network Interfaces

Overview

Evidence: Network Interfaces
Description: Collect Network Interfaces
Category: Network
Platform: macos
Short Name: netint
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

macOS network interface information provides details about adapters, IP addresses, and configuration. This data is essential for understanding connectivity, detecting unauthorized network access, and investigating network incidents.

Data Collected

This collector gathers structured data about network interfaces.

Network Interfaces Data

Field | Description | Example
Interface | Interface | Example value
Address | Address | Example value
Mask | Mask | Example value
Broadcast | Broadcast | Example value
PointToPoint | Point To Point | Example value
Type | Type | Example value

Collection Method

This collector queries the interface_addresses table via osquery and records results into the network_interfaces table.

Forensic Value

This evidence is crucial for forensic investigations as it reveals interface configuration, aiding detection of rogue interfaces, unusual addressing, and network misconfigurations.
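
An added example (not part of the collector or the original page) of how the collected fields can support the checks described above: it flags point-to-point interfaces, addresses outside an expected network, and broadcast values that are inconsistent with the mask. The rows are constructed and keyed by osquery's interface_addresses column names; EXPECTED_NETS is a hypothetical allowlist.

```python
import ipaddress
import json

# Constructed rows using osquery's interface_addresses column names; not real evidence.
SAMPLE_ROWS = json.loads("""[
 {"interface": "lo0", "address": "127.0.0.1", "mask": "255.0.0.0",
  "broadcast": "", "point_to_point": "", "type": "unknown"},
 {"interface": "en0", "address": "192.168.1.23", "mask": "255.255.255.0",
  "broadcast": "192.168.1.255", "point_to_point": "", "type": "unknown"},
 {"interface": "en0", "address": "fe80::1c2a:3bff:fe4d:5e6f%en0", "mask": "ffff:ffff:ffff:ffff::",
  "broadcast": "", "point_to_point": "", "type": "unknown"},
 {"interface": "utun3", "address": "10.8.0.6", "mask": "255.255.255.255",
  "broadcast": "", "point_to_point": "10.8.0.5", "type": "unknown"},
 {"interface": "en5", "address": "172.16.40.9", "mask": "255.255.255.0",
  "broadcast": "172.16.255.255", "point_to_point": "", "type": "unknown"}
]""")

# Hypothetical allowlist of networks this endpoint is expected to sit on.
EXPECTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]


def triage(rows, expected_nets=EXPECTED_NETS):
    """Return (interface, address, reason) tuples for rows worth an analyst's look."""
    findings = []
    for row in rows:
        # IPv6 link-local addresses can carry a scope suffix such as "%en0".
        addr = ipaddress.ip_address(row["address"].split("%")[0])
        if addr.is_loopback or addr.is_link_local:
            continue
        reasons = []
        if row.get("point_to_point"):
            # Tunnel-style interface; confirm the peer belongs to a sanctioned VPN.
            reasons.append("point-to-point link, peer " + row["point_to_point"])
        elif not any(addr in net for net in expected_nets):
            reasons.append("address outside expected networks")
        if addr.version == 4 and row.get("broadcast"):
            # Recompute the broadcast address from Address + Mask and compare.
            net = ipaddress.ip_network(f"{addr}/{row['mask']}", strict=False)
            if str(net.broadcast_address) != row["broadcast"]:
                reasons.append(f"broadcast {row['broadcast']} does not match mask "
                               f"(expected {net.broadcast_address})")
        findings.extend((row["interface"], str(addr), r) for r in reasons)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_ROWS):
        print(*finding, sep=" | ")
```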
