Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

300

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

The 

 table describes the fields of the Web 

Application data block.

Connection Statistics Data Block 5.3+

The connection statistics data block is used in connection data messages. 

Changes to the connection data block between versions 5.2.x and 5.3 include the 

addition of new fields for NetFlow information. The connection statistics data 

block for version 5.3+ has a block type of 152 in the series 1 group of blocks. It 

deprecates block type 144, 

For more information on the Connection Statistics Data message, see 

The following diagram shows the format of a Connection Statistics data block for 
5.3+:

::

Web Application Data Block Fields 

Web 

Application 

Data Block 

Type

uint32

Initiates the Web Application data block. This 

value is always 123.

Web 

Application 

Data Block 

Length

uint32

Number of bytes in the Web Application data 

block, including eight bytes for the Web 

Application data block type and length, plus the 

number of bytes in the application ID field that 

follows.

Application ID

uint32

Application ID of the web application.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Connection Data Block Type (152)

Connection Data Block Length

Device ID

Ingress Zone

Ingress Zone, continued

Ingress Zone, continued

Ingress Zone, continued