Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Connection Data Structures
Connection Statistics Data Block 5.1.1.x
The connection statistics data block is used in connection data messages. Changes to the connection data
block between versions 5.1 and 5.1.1 include the addition of new fields to identify associated intrusion
events. The connection statistics data block for version 5.1.1.x has a block type of 137. It deprecates
block type 126.
For more information on the Connection Statistics Data message, see
The following diagram shows the format of a Connection Statistics data block for 5.1.1:

| Bytes 0-3 (bits 0-31) |
|---|
| Connection Data Block Type (137) |
| Connection Data Block Length |
| Device ID |
| Ingress Zone |
| Ingress Zone, continued |

Table B-22 Connection Chunk Data Block Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Initiator IP Address | uint8[4] | IP address of the host that initiated the connection, in IP address octets. |
| Responder IP Address | uint8[4] | IP address of the host that responded to the initiating host, in IP address octets. |
| Start Time | uint32 | The starting time for the connection chunk. |
| Application ID | uint32 | Application identification number for the application protocol used in the connection. |
| Responder Port | uint16 | The port used by the responder in the connection chunk. |
| Protocol | uint8 | The protocol for the packet containing the user information. |
| Connection Type | uint8 | The type of connection. |
| Source Device IP Address | uint8[4] | IP address of the NetFlow device that detected the connection, in IP address octets. |
| Packets Sent | uint32 | The number of packets sent in the connection chunk. |
| Packets Received | uint32 | The number of packets received in the connection chunk. |
| Bytes Sent | uint32 | The number of bytes sent in the connection chunk. |
| Bytes Received | uint32 | The number of bytes received in the connection chunk. |
| Connections | uint32 | The number of connections made in the connection chunk. |
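
The following added example (not code from the Cisco guide) decodes the Connection Chunk fields listed in Table B-22 (continued) on this page and rejects short buffers before unpacking. It assumes the fields are contiguous in table order and big-endian, with offsets counted from the Initiator IP Address field because the block's leading fields are not shown here; `parse_chunk_fields` and the sample bytes are hypothetical.

```python
import ipaddress
import struct

# Layout taken from the fields listed in Table B-22 (continued), in table order.
# Assumptions: fields are contiguous, big-endian (network byte order), and
# offsets are relative to the Initiator IP Address field, since the block's
# leading fields are not shown on this page.
_CHUNK_TAIL = struct.Struct("!4s4sIIHBB4sIIIII")

_FIELDS = (
    "initiator_ip", "responder_ip", "start_time", "application_id",
    "responder_port", "protocol", "connection_type", "source_device_ip",
    "packets_sent", "packets_received", "bytes_sent", "bytes_received",
    "connections",
)
_IP_FIELDS = {"initiator_ip", "responder_ip", "source_device_ip"}


def parse_chunk_fields(buf: bytes, offset: int = 0) -> dict:
    """Decode the 44 bytes of Table B-22 fields starting at `offset`."""
    if offset < 0 or len(buf) - offset < _CHUNK_TAIL.size:
        raise ValueError(
            f"need {_CHUNK_TAIL.size} bytes at offset {offset}, "
            f"have {max(len(buf) - offset, 0)}"
        )
    values = _CHUNK_TAIL.unpack_from(buf, offset)
    record = dict(zip(_FIELDS, values))
    for name in _IP_FIELDS:
        record[name] = str(ipaddress.IPv4Address(record[name]))
    return record


# Constructed sample (not captured traffic): 192.0.2.10 -> 198.51.100.5:443.
SAMPLE = bytes.fromhex(
    "c000020a"  # Initiator IP Address
    "c6336405"  # Responder IP Address
    "50000000"  # Start Time
    "000002a4"  # Application ID
    "01bb"      # Responder Port
    "06"        # Protocol
    "01"        # Connection Type
    "cb007101"  # Source Device IP Address
    "0000000c" "00000009"  # Packets Sent / Packets Received
    "00000400" "00002000"  # Bytes Sent / Bytes Received
    "00000001"  # Connections
)

if __name__ == "__main__":
    print(parse_chunk_fields(SAMPLE))
```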