Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

274

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

The 

 table describes the components of the 

Host IP Address data block.

MAC Address Specification Data Block

The MAC Address Specification data block conveys an individual MAC address. 

MAC Address Specification data blocks are used in User Protocol, Address 

Specification, and User Hosts data blocks. The MAC Address Specification data 

block has a block type of 63 in the series 1 group of blocks.
The following diagram shows the format of the MAC Address Specification data 

block: 

Host IP Address Data Block Fields 

Host IP 

Address Block 

Type

uint32

Initiates a Host IP Address data block. This 

value is always 143.

Host IP Block 

Length

uint32

Total number of bytes in the Host IP Address 

data block, including eight bytes for the Host IP 

block type and length fields, plus the number of 

bytes of Host IP Address data that follows.

IP Address

uint8[16]

The IP address. This can be IPv4 or IPv6.

Last Seen

uint32

UNIX timestamp that represents the last time 

the IP address was detected.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

MAC Address Specification Block Type (63)

MAC Address Specification Block Length

MAC Block 1

MAC Block 2

MAC Block 3

MAC Block 4

MAC Block 5

MAC Block 6