Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

4-94

FireSIGHT eStreamer Integration Guide

Chapter 4 Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Connection Chunk Data Block for 5.1.1+

The Connection Chunk data block conveys connection data. It stores connection log data that aggregates
over a five-minute period. The Connection Chunk data block has a block type of 136 in the series 1 group
of blocks. It supersedes block type 119. The following diagram shows the format of the Connection
Chunk data block:

IP Address
Range
Specification
Data Blocks

variable

Encapsulated IP Address Range Specification data blocks up to the
maximum number of bytes in the list block length. For more
information, see

IP Address Range Data Block for 5.2+, page 4-88

Generic List
Block Type

uint32

Initiates a Generic List data block. This value is always

Generic List
Block Length

uint32

Number of bytes in the Generic List block and encapsulated data
blocks. This number includes the eight bytes of the generic list block
header fields, plus the number of bytes in all of the encapsulated data
blocks.

MAC Address
Specification
Data Blocks

variable

Encapsulated MAC Address Specification data blocks up to the
maximum number of bytes in the list block length. For more
information, see

MAC Address Specification Data Block, page 4-92

Table 4-53

Address Specification Data Block Fields (continued)

Field

Number of
Bytes

Description

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Connection Chunk Block Type (136)

Connection Chunk Block Length

Initiator IP Address

Responder IP Address

Start Time

Application Protocol

Responder Port

Protocol

Connection Type

NetFlow Detector IP Address

Packets Sent

Packets Sent, continued