Routes
Overview
Evidence: Routes
Description: List Routes
Category: Network
Platform: esxi
Short Name: routes
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
ESXi network routing entries reflect layer-3 reachability and ARP neighbor state for the host. Understanding routes aids in mapping connectivity and potential egress paths.
Data Collected
This collector gathers structured data about routes.
Routes Data
| Field | Description | Example |
|---|---|---|
| Neighbor | Neighbor | Example value |
| MAC | MAC | Example value |
| Interface | Interface | Example value |
| Expiry | Expiry | Example value |
| Type | Type | Example value |
Collection Method
This collector parses a pre-generated esx network routes text file and normalizes route neighbor, interface, MAC, expiry, and type fields.
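A sketch of this kind of parsing and normalization, as an added example and not the collector's own code. It assumes the text file has the fixed-width layout of `esxcli network ip neighbor list` (header, dashed rule, rows with an often-blank State column); the sample rows, `parse_routes`, `normalize_mac` and the expiry-to-seconds conversion are constructed for illustration.

```python
import re

WIDTHS = (11, 17, 6, 8, 5, 7)

def _row(*cells):
    # Pad cells to fixed widths, two spaces apart, like tabular CLI output.
    return "  ".join(c.ljust(w) for c, w in zip(cells, WIDTHS)).rstrip()

# Constructed sample. Assumption: the file uses the fixed-width layout of
# `esxcli network ip neighbor list`, where the State column is often blank.
SAMPLE = "\n".join([
    _row("Neighbor", "Mac Address", "Vmknic", "Expiry", "State", "Type"),
    _row(*("-" * w for w in WIDTHS)),
    _row("192.0.2.1", "00:50:56:AA:BB:01", "vmk0", "1195 sec", "", "Unknown"),
    _row("192.0.2.25", "00-50-56-aa-bb-02", "vmk1", "87 sec", "", "Dynamic"),
])

# Assumed source headers mapped to the field names in the Routes Data table.
FIELD_MAP = {"Neighbor": "Neighbor", "Mac Address": "MAC",
             "Vmknic": "Interface", "Expiry": "Expiry", "Type": "Type"}

def normalize_mac(value):
    """Return a lowercase colon-separated MAC, or None if not 6 octets."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value)
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()

def parse_routes(text):
    """Slice rows at the offsets given by the dashed rule under the header.

    Splitting on whitespace would break here: "1195 sec" contains a space
    and a blank State cell would shift Type into the wrong column.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    rule_at = next(i for i, ln in enumerate(lines) if set(ln) <= {"-", " "})
    starts = [m.start() for m in re.finditer(r"-+", lines[rule_at])]
    spans = list(zip(starts, starts[1:] + [None]))
    names = [lines[rule_at - 1][s:e].strip() for s, e in spans]
    records = []
    for line in lines[rule_at + 1:]:
        raw = {n: line[s:e].strip() for n, (s, e) in zip(names, spans)}
        rec = {FIELD_MAP[n]: v for n, v in raw.items() if n in FIELD_MAP}
        rec["MAC"] = normalize_mac(rec.get("MAC", ""))
        secs = re.match(r"(\d+)\s*sec", rec.get("Expiry", ""))
        rec["Expiry"] = int(secs.group(1)) if secs else None
        records.append(rec)
    return records
```

Normalizing the MAC to one canonical form lets neighbor entries from different hosts be joined on that field during an investigation.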
Forensic Value
Routing data provides network context for lateral movement and external communications, and helps validate the expected network topology during investigations.