View data and descriptions of evidence in the network information category collected from Linux endpoints.
These evidence types are displayed in columns after selecting an evidence category
when examining an Evidence Report.
The following table contains descriptions of the evidence data in the network information
category that may be collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident Response Toolkit.
|
Evidence Type
|
Evidence Data
|
Description
|
|
ARP
|
Network interface
|
The name of the network interface
|
|
Address
|
The associated IP address
|
|
|
Mask
|
The associated subnet mask
|
|
|
MAC
|
The MAC address of the network interface hardware
|
|
|
Type
|
The type of hardware associated with the network interface
|
|
|
DNS information
|
Domain name server
|
The address of the domain name server
|
|
Route IPv4
|
Destination
|
The target of the route
|
|
Flags
|
The flags representing route characteristics as represented by a character
|
|
|
Gateway address
|
The address of the gateway if any
|
|
|
Network interface
|
The name of the associated network interface
|
|
|
Mask
|
The associates subnet mask of the route
|
|
|
Target distance
|
The distance to the target in hops
|
|
|
Reference count
|
The number of references to the associated route
|
|
|
Lookup count
|
The number of lookups for the associated route
|
|
|
Route IPv6
|
Destination
|
The target of the route
|
|
Network interface
|
The name of the associated network interface
|
|
|
Source
|
The origin of the route
|
|
|
Next hop
|
The next hop on the route toward the destination
|
|
|
Flags
|
The flags representing route characteristics as represented by a character
|
|
|
Target distance
|
The distance to the target in hops
|
|
|
Reference count
|
The number of references to the associated route
|
|
|
Lookup count
|
The number of lookups for the associated route
|