Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
209
Understanding Discovery & Connection Data Structures
Metadata for Discovery Events
Chapter 4
IP Address Change Message
The following host discovery messages have a standard discovery event header
(as documented in
on page 198) and two different
forms, structures, one with four bytes for the IP address and one with 16 bytes
for the IP address.
Four bytes are used for the IP address (in IP address octets) in the following case:
Four bytes are used for the IP address (in IP address octets) in the following case:
•
New IPv4 to IPv4 Traffic
•
Host IP Address Changed, when the RNA event version is less than 10.
16 bytes are used for the IP address in the following cases:
•
New IPv6 to IPv6 Traffic
•
Host IP Address Changed, when the RNA event version is 10
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
IP Address
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Discovery Event Header
IP Address
IP Address, continued
IP Address, continued
IP Address, continued