search
Back to binalyze.com

Network Interfaces

hashtag
Overview

Evidence: Network Interfaces Description: Collect Network Interfaces Category: Network Platform: macos Short Name: netint Is Parsed: Yes Sent to Investigation Hub: Yes Collect File(s): No

hashtag
Background

macOS network interface information provides details about adapters, IP addresses, and configuration. This data is essential for understanding connectivity, detecting unauthorized network access, and investigating network incidents.

hashtag
Data Collected

This collector gathers structured data about network interfaces.

hashtag
Network Interfaces Data

Field
Description
Example

Interface

Interface

Example value

Address

Address

Example value

Mask

Mask

Example value

Broadcast

Broadcast

Example value

PointToPoint

Point To Point

Example value

Type

Type

Example value

hashtag
Collection Method

This collector queries the interface_addresses table via osquery and records results into the network_interfaces table.

hashtag
Forensic Value

This evidence is crucial for forensic investigations as it reveals interface configuration, aiding detection of rogue interfaces, unusual addressing, and network misconfigurations.

PreviousMySQL LogsNextNetwork Usage

Last updated

Was this helpful?