Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Host Data Structures
Appendix B
Full Host Profile Data Block 5.1.1
The Full Host Profile data block for version 5.1.1 contains a full set of data
describing one host. It has the format shown in the graphic below and explained
in the following table. Note that, except for List data blocks, the graphic does not
show the fields of the encapsulated data blocks. These encapsulated data blocks
are described separately in
on page 164. The Full Host Profile data block has a block type value of 135.
It deprecates data block 111.
IMPORTANT!
An asterisk (*) next to a block name in the following diagram
indicates that multiple instances of the data block may occur.
Full Host Profile Record 5.0 - 5.0.2 Fields (Continued)
FIELD | DATA TYPE | DESCRIPTION
List Block Length | uint32 | Number of bytes in the List data block, including the list header and all encapsulated data blocks.
Attribute Value Data Blocks * | variable | List of Attribute Value data blocks. See on page 253 for a description of the data blocks in this list.
Byte: 0 | 1 | 2 | 3 (Bit 0 to 31; each line below is one row of the diagram)
Full Host Profile Data Block (135)
Data Block Length
IP Address
Hops | Generic List Block Type (31)
Generic List Block Type, continued | Generic List Block Length
(side label: OS Derived Fingerprints)
Generic List Block Length, continued | Operating System Fingerprint Block Type (130)*
OS Fingerprint Block Type (130)*, con’t | Operating System Fingerprint Block Length
OS Fingerprint Block Length, con’t | Operating System Derived Fingerprint Data...
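The following parser is an added example, not code from the guide: it reads only the fields visible in the diagram above (through the OS Derived Fingerprints list) and bounds-checks every length before using it. It assumes network byte order, the field widths implied by the diagram rows, and that each block length counts its own 8-byte type/length header; `parse_prefix` and `build_sample` are hypothetical names.

```python
import ipaddress
import struct

FULL_HOST_PROFILE, GENERIC_LIST, OS_FINGERPRINT = 135, 31, 130  # values from the page
# Assumptions: network byte order; widths read off the diagram rows
# (type 4, length 4, IP address 4, Hops 1, list type 4, list length 4).
PREFIX = struct.Struct(">II4sBII")
BLOCK_HDR = struct.Struct(">II")  # block type, block length
LIST_START = 13                   # the list header begins right after the Hops byte


def parse_prefix(buf: bytes) -> dict:
    """Parse the leading fields and the OS Derived Fingerprints list."""
    if len(buf) < PREFIX.size:
        raise ValueError("truncated block")
    btype, blen, ip, hops, ltype, llen = PREFIX.unpack_from(buf, 0)
    if btype != FULL_HOST_PROFILE:
        raise ValueError(f"unexpected block type {btype}")
    if blen > len(buf):
        raise ValueError("block length exceeds received data")
    if ltype != GENERIC_LIST:
        raise ValueError(f"unexpected list type {ltype}")
    list_end = LIST_START + llen  # list length includes the list header
    if llen < BLOCK_HDR.size or list_end > blen:
        raise ValueError("list length out of bounds")
    fingerprints, off = [], LIST_START + BLOCK_HDR.size
    while off < list_end:
        if list_end - off < BLOCK_HDR.size:
            raise ValueError("truncated encapsulated block header")
        etype, elen = BLOCK_HDR.unpack_from(buf, off)
        # Assumption: an encapsulated block's length counts its own 8-byte header.
        # Rejecting elen < 8 also guarantees the loop always advances.
        if etype != OS_FINGERPRINT or elen < BLOCK_HDR.size or off + elen > list_end:
            raise ValueError("bad encapsulated block")
        fingerprints.append(buf[off + BLOCK_HDR.size:off + elen])
        off += elen
    return {"ip": str(ipaddress.IPv4Address(ip)), "hops": hops,
            "os_derived_fingerprints": fingerprints, "next_offset": list_end}


def build_sample() -> bytes:
    """Constructed sample input: placeholder payloads, not real fingerprint data."""
    inner = b"".join(BLOCK_HDR.pack(OS_FINGERPRINT, 8 + len(p)) + p
                     for p in (b"\xaa" * 4, b"\xbb" * 6))
    lst = BLOCK_HDR.pack(GENERIC_LIST, 8 + len(inner)) + inner
    body = bytes([192, 0, 2, 10, 3]) + lst  # IP 192.0.2.10, Hops 3
    return BLOCK_HDR.pack(FULL_HOST_PROFILE, 8 + len(body)) + body
```

`next_offset` marks where the fields that follow this list in the full block would begin; they are not shown on this page and are not parsed here.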