Network Interfaces
Overview
Evidence: Network Interfaces
Description: Collect Network Interfaces
Category: Network
Platform: macos
Short Name: netint
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
macOS network interface information provides details about adapters, IP addresses, and configuration. This data is essential for understanding connectivity, detecting unauthorized network access, and investigating network incidents.
Data Collected
This collector gathers structured data about network interfaces.
Network Interfaces Data
| Field | Description | Example |
|---|---|---|
| Interface | Interface | Example value |
| Address | Address | Example value |
| Mask | Mask | Example value |
| Broadcast | Broadcast | Example value |
| PointToPoint | Point To Point | Example value |
| Type | Type | Example value |
Collection Method
This collector queries the interface_addresses table via osquery and records results into the network_interfaces table.
Forensic Value
This evidence is crucial for forensic investigations as it reveals interface configuration, aiding detection of rogue interfaces, unusual addressing, and network misconfigurations.
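One way to triage the collected rows for the conditions named above, as an added example that is not part of the product or of the original page. The field names come from the table above; the sample rows are constructed, and the function name `triage` and its review heuristics are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

FIELDS = ("Interface", "Address", "Mask", "Broadcast", "PointToPoint", "Type")

# Constructed sample rows in the collector's field order; not real evidence.
SAMPLE_ROWS = [dict(zip(FIELDS, r)) for r in [
    ("lo0", "127.0.0.1", "255.0.0.0", "", "", "unknown"),
    ("en0", "192.168.1.23", "255.255.255.0", "192.168.1.255", "", "unknown"),
    ("en0", "192.168.1.200", "255.255.255.0", "192.168.1.255", "", "unknown"),
    ("en0", "fe80::1c2d:3e4f:5a6b:7c8d%en0", "ffff:ffff:ffff:ffff::", "", "", "unknown"),
    ("en5", "169.254.77.10", "255.255.0.0", "169.254.255.255", "", "unknown"),
    ("utun4", "10.8.0.6", "255.255.255.255", "", "10.8.0.5", "unknown"),
]]

def triage(rows):
    """Return sorted (interface, address, reason) tuples for analyst review."""
    findings = set()
    ipv4_by_iface = defaultdict(list)
    for row in rows:
        iface, raw = row["Interface"], row["Address"]
        try:
            # IPv6 link-local addresses can carry a scope suffix such as "%en0".
            ip = ipaddress.ip_address(raw.split("%")[0])
        except ValueError:
            findings.add((iface, raw, "unparseable-address"))
            continue
        if ip.is_loopback:
            continue
        if ip.version == 4:
            ipv4_by_iface[iface].append(raw)
            if ip.is_link_local:
                # 169.254.0.0/16: no DHCP lease, or a direct ad hoc link.
                findings.add((iface, raw, "ipv4-link-local"))
        if row.get("PointToPoint"):
            # A peer address indicates a tunnel or VPN style interface.
            findings.add((iface, raw, "point-to-point"))
        if ip.is_global:
            findings.add((iface, raw, "publicly-routable"))
    for iface, addrs in ipv4_by_iface.items():
        if len(addrs) > 1:
            # Extra IPv4 aliases on one adapter deserve a second look.
            findings.update((iface, a, "multiple-ipv4") for a in addrs)
    return sorted(findings)

if __name__ == "__main__":
    for finding in triage(SAMPLE_ROWS):
        print(*finding, sep="\t")
```

Each finding is a prompt for review against the host's expected configuration, not a verdict: a sanctioned VPN client also produces a point-to-point row.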