Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
4-44
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Host Identified as a Bridge/Router Message
A Host Identified as a Bridge/Router event message has a standard discovery event header (as
documented in
documented in
) followed by a four-byte field for the value that
matches the host type:
•
0
- host
•
1
- router
•
2
- bridge
VLAN Tag Information Update Messages
The VLAN Tag Information Update event has a standard discovery event header (as documented in
) followed by VLAN data block (as documented in
). The VLAN Data block is block type 14 in the series 1 group of blocks.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
TTL
MAC Address
ARP/DHCP
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
Host Type