Routing Table Info
Overview
Evidence: Routing Table Info
Description: ESXi Routing Table Info
Category: Network
Platform: esxi
Short Name: routetable
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
The ESXi routing table defines how network packets are forwarded between different networks and interfaces. It contains critical information about network topology, gateway configurations, and network segmentation that can reveal unauthorized routing changes or network-based attack paths.
Data Collected
This collector gathers structured data about routing table info.
Routing Table Info Data
| Field | Description | Example |
|---|---|---|
| AccessTime | Access Time | 2023-10-15 14:30:25+03:00 |
| AccessCount | Access Count | 123 |
| URL | URL | Example value |
| Browser | Browser | Example value |
| Title | Title | Example value |
| VisitDuration | Visit Duration | Example value |
| Referrer | Referrer | Example value |
| TypedCount | Typed Count | 123 |
| IsHidden | Is Hidden | true |
| TransitionType | Transition Type | Example value |
| VisitID | Visit ID | 123 |
| TransitionQualifiers | Transition Qualifiers | Example value |
| User | User | Example value |
| Profile | Profile | Example value |
| HistoryFilePath | History File Path | Example value |
Collection Method
This collector parses the routing table file (esx_routing_table.txt), extracting network destinations, netmasks, gateway addresses, and associated network interfaces for each routing entry in the ESXi host’s routing configuration.
Forensic Value
Routing table analysis helps identify unauthorized route modifications, detect network pivoting attempts, validate network segmentation, and trace potential lateral movement paths. Unusual routes or gateway changes may indicate compromise or misconfiguration that enabled unauthorized network access.
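
The following is an added example, not the collector's own code: it parses a route listing into the destination, netmask, gateway and interface fields named under Collection Method, then diffs it against a known-good baseline to surface the route changes described under Forensic Value. The four-column text layout, the sample rows and the function names `parse_routes` and `diff_routes` are assumptions made for illustration.

```python
import ipaddress

# Constructed samples. The four-column layout is an assumption modelled on
# the fields the collector extracts; it is not taken from the product.
BASELINE = """\
Network      Netmask        Gateway      Interface
-----------  -------------  -----------  ---------
default      0.0.0.0        10.0.0.1     vmk0
10.0.0.0     255.255.255.0  0.0.0.0      vmk0
"""
COLLECTED = BASELINE + "172.16.50.0  255.255.255.0  10.0.0.77    vmk0\n"


def parse_routes(text):
    """Map each destination network to its (gateway, interface) pair."""
    routes = {}
    for line in text.splitlines():
        cols = line.split()
        if not cols or cols[0] == "Network" or cols[0].startswith("-"):
            continue  # blank, header or separator row
        # Malformed rows raise ValueError instead of being dropped silently.
        dest, mask, gateway, iface = cols[:4]
        if dest == "default":
            dest = "0.0.0.0"
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes[net] = (ipaddress.ip_address(gateway), iface)
    return routes


def diff_routes(baseline, collected):
    """Return (change, network, gateway, interface) tuples versus the baseline."""
    order = lambda net: (int(net.network_address), net.prefixlen)
    findings = []
    for net in sorted(collected, key=order):
        gw, iface = collected[net]
        if net not in baseline:
            findings.append(("added", str(net), str(gw), iface))
        elif baseline[net] != collected[net]:
            findings.append(("changed", str(net), str(gw), iface))
    for net in sorted(set(baseline) - set(collected), key=order):
        gw, iface = baseline[net]
        findings.append(("removed", str(net), str(gw), iface))
    return findings


if __name__ == "__main__":
    for finding in diff_routes(parse_routes(BASELINE), parse_routes(COLLECTED)):
        print(*finding)
```

An added route whose gateway is a host on an existing subnet, as in the constructed sample, is the kind of entry worth checking against change records for the host.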