Vswitch Standard Info

Overview

Evidence: Vswitch Standard Info
Description: ESXi Vswitch Standard Info
Category: Network
Platform: esxi
Short Name: vswitchstdinfo
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Virtual Standard Switches (vSwitch) provide network connectivity for virtual machines and VMkernel interfaces. vSwitch configuration defines network segmentation, security policies, and traffic shaping, making it critical for understanding network topology and detecting unauthorized network modifications.

Data Collected

This collector gathers structured data about vswitch standard info.

Vswitch Standard Info Data

Field	Description	Example
`Name`	Name	Example value
`Class`	Class	Example value
`NumPorts`	Num Ports	123
`UsedPorts`	Used Ports	123
`ConfiguredPorts`	Configured Ports	123
`MTU`	MTU	123
`CDPStatus`	CDP Status	Example value
`BeaconEnabled`	Beacon Enabled	Example value
`BeaconInterval`	Beacon Interval	123
`BeaconThreshold`	Beacon Threshold	123
`BeaconRequiredBy`	Beacon Required By	Example value
`Uplinks`	Uplinks	Example value
`PortGroups`	Port Groups	Example value

Collection Method

This collector parses standard vSwitch configuration data, extracting switch names, number of ports, configured port groups, uplink associations, NIC teaming policies, security settings, traffic shaping parameters, and VLAN configurations.

Forensic Value

vSwitch configuration analysis reveals network segmentation policies, detects promiscuous mode enabling that could indicate packet sniffing, identifies unauthorized VLAN access, and exposes network policy violations that may facilitate lateral movement or data exfiltration.