Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
237
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
String Data Block
The String data block is used for sending string data in series 1 blocks. It
commonly appears within other series 1 data blocks to describe, for example,
operating system or server names.
Empty string data blocks (string data blocks containing no string data) have a
block length value of 8 and are followed by zero bytes of string data. An empty
string data block is returned when there is no content for the string value, as
might happen, for example, in the OS vendor string field in an Operating System
data block when the vendor of the operating system is unknown.
The String data block has a block type of 0 in the series 1 group of blocks.
IMPORTANT!
Strings returned in this data block are not always null-terminated
(that is, they are not always terminated with a 0).
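A bounds-checked reader for the String data block described above, given as an added example (not code from this guide or from Cisco). It assumes the 8-byte header is a 32-bit block type followed by a 32-bit block length in network byte order, with the length counting the header; the function name and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STRING_BLOCK_TYPE 0u /* block type 0, series 1 (from the guide) */
#define STRING_BLOCK_HDR  8u /* assumed: 32-bit type + 32-bit length */

/* Constructed samples: "Linux" with no trailing NUL, and an empty block. */
const uint8_t sample_linux[] = {0,0,0,0, 0,0,0,13, 'L','i','n','u','x'};
const uint8_t sample_empty[] = {0,0,0,0, 0,0,0,8};

/* Read a 32-bit value in network byte order (assumed wire order). */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse one String data block from buf[0..avail) into out[0..out_sz).
 * Returns the string byte count (0 for an empty block) or -1 when the block
 * is malformed, truncated, or does not fit. On success out is NUL-terminated
 * by this function and *consumed (if non-NULL) holds the block length. */
long parse_string_block(const uint8_t *buf, size_t avail,
                        char *out, size_t out_sz, size_t *consumed)
{
    uint32_t len;
    size_t n;
    if (!buf || !out || out_sz == 0 || avail < STRING_BLOCK_HDR ||
        be32(buf) != STRING_BLOCK_TYPE)
        return -1;
    len = be32(buf + 4);
    if (len < STRING_BLOCK_HDR || len > avail) /* length includes header */
        return -1;
    n = len - STRING_BLOCK_HDR;
    if (n >= out_sz)                           /* keep room for the NUL */
        return -1;
    memcpy(out, buf + STRING_BLOCK_HDR, n);    /* never strcpy/strlen here */
    out[n] = '\0';
    if (consumed)
        *consumed = len;
    return (long)n;
}

int main(void)
{
    char os[32];
    long n = parse_string_block(sample_linux, sizeof sample_linux, os, sizeof os, NULL);
    printf("%ld bytes: %s\n", n, n >= 0 ? os : "(invalid)");
    return 0;
}
```

The copy is driven only by the block length field, so a string that arrives without a terminating 0 cannot cause a read past the end of the block.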
Host Discovery and Connection Data Block Types (Continued)

| Type | Content | Data Block Status | Description |
|---|---|---|---|
| 140 | Full Host Profile | Current | Contains complete host profile information. See more information. Supersedes data block 135. |
| 143 | Host IP | Current | Contains a host’s IP address and last seen information. See more information. |
| 144 | Connection Statistics | Legacy | Contains information for connection events in 5.2.x. See page 602 for more information. It supersedes block type 137. |
| 146 | Attribute Address | Current | Contains the host attribute address for 5.2+. See on page 251 for more information. It supersedes block type 38. |
| 152 | Connection Statistics | Current | Contains information for connection events in 5.3+. See page 300 for more information. It supersedes block type 144. |