FireSIGHT eStreamer Integration Guide, page 4-110
Chapter 4  Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the Host MAC Address data block.

Table 4-65  Host MAC Address Data Block Fields

| Field | Data Type | Description |
| --- | --- | --- |
| Host MAC Address Data Block Type | uint32 | Initiates the Host MAC Address data block. This value is always 95. |
| Host MAC Address Data Block Length | uint32 | Number of bytes in the Host MAC Address data block. This value should always be 20: eight bytes for the data block type and length fields, one byte for the TTL value, six bytes for the MAC address, one byte for the primary subnet, and four bytes for the last seen value. |
| TTL | uint8 | Indicates the difference between the TTL value in the packet used to fingerprint the host. |
| MAC Address | uint8[6] | Indicates the MAC address of the host. |
| Primary | uint8 | Indicates the primary subnet of the host. |
| Last Seen | uint32 | Indicates when the host was last seen in traffic. |

Secondary Host Update

The Secondary Host Update data block contains information for a host sent as a secondary host update from a device monitoring a subnet other than the one where the host resides. It is used within Change Secondary Update events (event type 1001, subtype 31). The Secondary Host Update data block has a block type of 96 in the series 1 group of blocks.

The following diagram shows the format of a Secondary Host Update data block:
Byte   0               1               2               3
Bit    0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Each row is one 32-bit word, in wire order:

       Secondary Host Update Block Type (96)
       Secondary Host Update Block Length
       IP Address
       List Block Type (11)                    } Host MAC Address List (header)
       List Block Length                       }
       Host MAC Address Block Type (95)        } Host MAC Address List (contents)
       Host MAC Address Block Length           }
       Host MAC Address Data Blocks...         }
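As an added example (not code from the guide or from Cisco), the following Python parser reads the two blocks described on this page, the type-96 Secondary Host Update with its embedded type-11 list of type-95 Host MAC Address blocks, and checks every block type and length against the enclosing block before trusting it, which is the check any consumer of eStreamer records should make before indexing into a buffer. It assumes network (big-endian) byte order, a 4-byte IPv4 IP Address field as drawn in the diagram, and that the List Block Length counts its own 8-byte header; the sample message is constructed, not a real capture.

```python
import struct
from collections import namedtuple

# Block types and the fixed type-95 length, as given in the guide.
HOST_MAC_TYPE, HOST_MAC_LEN = 95, 20   # 8 hdr + 1 TTL + 6 MAC + 1 primary + 4 last seen
LIST_TYPE, SEC_HOST_UPDATE_TYPE = 11, 96

HostMac = namedtuple("HostMac", "ttl mac primary last_seen")

def parse_host_mac_block(buf: bytes, off: int):
    """Parse one Host MAC Address block at off; return (HostMac, offset after it)."""
    if off + 8 > len(buf):
        raise ValueError("truncated block header")
    btype, blen = struct.unpack_from(">II", buf, off)        # eStreamer is big-endian
    if btype != HOST_MAC_TYPE or blen != HOST_MAC_LEN or off + blen > len(buf):
        raise ValueError(f"bad Host MAC block type={btype} len={blen} at {off}")
    ttl, mac, primary, last_seen = struct.unpack_from(">B6sBI", buf, off + 8)
    return HostMac(ttl, mac.hex(":"), bool(primary), last_seen), off + blen

def parse_secondary_host_update(buf: bytes):
    """Parse a type-96 block; return (ip, [HostMac, ...]). Lengths are validated before use."""
    if len(buf) < 20:
        raise ValueError("too short for block header, IP address and list header")
    btype, blen = struct.unpack_from(">II", buf, 0)
    if btype != SEC_HOST_UPDATE_TYPE or blen < 20 or blen > len(buf):
        raise ValueError(f"bad Secondary Host Update header type={btype} len={blen}")
    ip = ".".join(str(b) for b in buf[8:12])                 # assumed 4-byte IPv4 address
    ltype, llen = struct.unpack_from(">II", buf, 12)
    if ltype != LIST_TYPE or llen < 8 or 12 + llen > blen:   # list length assumed to include header
        raise ValueError(f"bad list block type={ltype} len={llen}")
    off, end, macs = 20, 12 + llen, []
    while off < end:
        rec, off = parse_host_mac_block(buf, off)
        macs.append(rec)
    if off != end:
        raise ValueError("list length does not match the blocks it contains")
    return ip, macs

def build_sample() -> bytes:
    """Constructed sample: host 10.1.2.3 with two MAC blocks (not a real capture)."""
    macs = struct.pack(">IIB6sBI", 95, 20, 2, bytes.fromhex("001122334455"), 1, 1700000000)
    macs += struct.pack(">IIB6sBI", 95, 20, 0, bytes.fromhex("66778899aabb"), 0, 1700000060)
    lst = struct.pack(">II", LIST_TYPE, 8 + len(macs)) + macs
    return struct.pack(">II", SEC_HOST_UPDATE_TYPE, 12 + len(lst)) + bytes([10, 1, 2, 3]) + lst

SAMPLE = build_sample()
```

Running `parse_secondary_host_update(SAMPLE)` yields the IP address and both MAC records; a record whose length field disagrees with the fixed 20 bytes, or a list length that overruns its enclosing block, is rejected rather than read past the buffer.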