Views:

View data and descriptions of evidence in the network information category collected from Linux endpoints.

These evidence types are displayed in columns after selecting an evidence category when examining an Evidence Report.
The following table contains descriptions of the evidence data in the network information category that may be collected from Linux endpoints by the Collect Evidence task and Trend Micro Incident Response Toolkit.
Evidence Type
Evidence Data
Description
ARP
Network interface
The name of the network interface
Address
The associated IP address
Mask
The associated subnet mask
MAC
The MAC address of the network interface hardware
Type
The type of hardware associated with the network interface
DNS information
Domain name server
The address of the domain name server
Route IPv4
Destination
The target of the route
Flags
The flags representing route characteristics as represented by a character
Gateway address
The address of the gateway if any
Network interface
The name of the associated network interface
Mask
The associates subnet mask of the route
Target distance
The distance to the target in hops
Reference count
The number of references to the associated route
Lookup count
The number of lookups for the associated route
Route IPv6
Destination
The target of the route
Network interface
The name of the associated network interface
Source
The origin of the route
Next hop
The next hop on the route toward the destination
Flags
The flags representing route characteristics as represented by a character
Target distance
The distance to the target in hops
Reference count
The number of references to the associated route
Lookup count
The number of lookups for the associated route