Network Adapters

Overview

Evidence: Network Adapters Description: Collect Information About Network Adapters Category: Network Platform: Windows Short Name: netadp Is Parsed: Yes - Adapter info parsed into structured format Sent to Investigation Hub: Yes Collect File(s): No

Background

Network adapters connect the system to networks (Ethernet, WiFi, VPN, etc.). Each adapter has configuration including MAC address, IP address, DHCP settings, gateway, and DNS servers.

Adapter information reveals the system's network connectivity and can indicate VPN usage, WiFi connections, or unusual network configurations.

Data Collected

Field

Description

Example

Name

Adapter name/GUID

{12345678-1234-1234-1234-123456789ABC}

Description

Adapter description

Intel(R) PRO/1000 MT Network Connection

PhysicalAddress

MAC address

00:50:56:C0:00:08

Index

Adapter index

Type

Adapter type

71 (Ethernet 802.3)

DHCPEnabled

Whether DHCP is enabled

TRUE

IPAddress

IP address

192.168.1.100

Gateway

Default gateway

192.168.1.1

DHCPServer

DHCP server address

192.168.1.1

Collection Method

This collector uses Windows API to enumerate adapters:

GetAdaptersInfo to retrieve all network adapters
Parses adapter configuration
Converts MAC addresses to readable format

Usage

Network adapter information reveals network connectivity and configuration. Investigators use this data to identify all network interfaces, detect VPN or tunnel adapters, track MAC addresses for device identification, understand DHCP vs static configuration, identify WiFi connections, and correlate with network traffic.

Known Limitations

Point-in-time snapshot
Configuration can change frequently
Disabled adapters may not appear
Virtual adapters included (VPNs, VMware, etc.)

Notes

Virtual network adapters (VPN, VMware, Hyper-V) will appear in this list. The MAC address can be used to correlate network activity with specific physical devices.

PreviousNTDS.dit NextNetwork Capture

Last updated 46 minutes ago

Was this helpful?