NIC List
Overview
Evidence: NIC List
Description: List ESXi NICs
Category: Network
Platform: esxi
Short Name: niclist
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
Physical network interface cards (NICs) connect ESXi hosts to network infrastructure. NIC configuration and status information reveals network connectivity, adapter associations, link states, and potential hardware tampering or unauthorized network device additions.
Data Collected
This collector gathers structured data about the NIC list.
NIC List Data
| Field | Description | Example |
|---|---|---|
| Name | Name | Example value |
| PCI | PCI | Example value |
| Driver | Driver | Example value |
| Link | Link | Example value |
| Speed | Speed | Example value |
| Duplex | Duplex | Example value |
| MAC | MAC | Example value |
| MTU | MTU | 123 |
| Description | Description | Example value |
Collection Method
This collector parses NIC enumeration data, extracting interface names, descriptions, MAC addresses, PCI device information, driver details, link states, speeds, duplex settings, and administrative status for each physical network adapter.
Forensic Value
NIC inventory helps validate physical network connections, detect rogue network adapters, identify driver-based attacks or rootkits, and trace network paths used during incidents. MAC addresses and PCI information assist in hardware identification and change detection.
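
The change detection mentioned under Forensic Value, as an added example that is not part of the collector or its documentation: it diffs two NIC List snapshots keyed by PCI address. The record layout (dicts using the field names from the table), the function names, and all sample values are assumptions constructed for illustration.

```python
# Added example: diff two NIC List snapshots for change detection.
# Assumption: each parsed record is a dict keyed by the field names in the
# NIC List Data table; the collector's real export format is not shown here.

WATCHED = ("Name", "Driver", "MAC", "Link", "Speed", "Duplex", "MTU")


def normalize(rec):
    """Normalise case and whitespace so cosmetic differences raise no finding."""
    out = {k: str(v).strip() for k, v in rec.items()}
    out["MAC"] = out.get("MAC", "").lower().replace("-", ":")
    out["PCI"] = out.get("PCI", "").lower()
    return out


def diff_nics(baseline, current):
    """Return sorted (kind, pci, detail) findings between two snapshots."""
    old = {r["PCI"]: r for r in map(normalize, baseline)}
    new = {r["PCI"]: r for r in map(normalize, current)}
    findings = []
    for pci in new.keys() - old.keys():      # adapter not in the baseline
        findings.append(("added", pci, f"{new[pci]['Name']} mac={new[pci]['MAC']}"))
    for pci in old.keys() - new.keys():      # adapter no longer present
        findings.append(("removed", pci, f"{old[pci]['Name']} mac={old[pci]['MAC']}"))
    for pci in old.keys() & new.keys():      # same slot, compare attributes
        for field in WATCHED:
            before, after = old[pci].get(field), new[pci].get(field)
            if before != after:
                findings.append(("changed", pci, f"{field}: {before} -> {after}"))
    return sorted(findings)


def nic(name, pci, driver, mac, mtu=1500, link="Up"):
    """Build one constructed sample record with the table's field names."""
    return {"Name": name, "PCI": pci, "Driver": driver, "Link": link,
            "Speed": "1000", "Duplex": "Full", "MAC": mac, "MTU": mtu,
            "Description": "constructed sample"}


# Constructed snapshots (MACs from the IANA documentation range).
BASELINE = [nic("vmnic0", "0000:02:00.0", "ntg3", "00:00:5E:00:53:01"),
            nic("vmnic1", "0000:02:00.1", "ntg3", "00:00:5E:00:53:02")]
CURRENT = [nic("vmnic0", "0000:02:00.0", "ntg3", "00:00:5e:00:53:01"),
           nic("vmnic1", "0000:02:00.1", "example_drv", "00:00:5E:00:53:02", mtu=9000),
           nic("vmnic2", "0000:03:00.0", "ntg3", "00:00:5E:00:53:99")]

if __name__ == "__main__":
    for kind, pci, detail in diff_nics(BASELINE, CURRENT):
        print(f"{kind:8} {pci}  {detail}")
```

Keying on the PCI address rather than the interface name means a renamed interface in the same slot is reported as a change, not as one adapter removed and another added.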