Cisco Firepower Management Center 4000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
Full Host Server Data Block 4.10.0+
The Full Host Server data block conveys information about a server, including the
server port, the frequency of use and most recent update, confidence of data
accuracy, and Sourcefire and third-party vulnerabilities related to that server for
the host. The Full Host Server data block contains a Full Sub-Server Information
data block for each sub-server on the server. Each Full Host Profile data block
contains a Full Host Server data block for each TCP and UDP server on the host.
The Full Host Server data block has a block type of 104 in the series 1 group of
blocks.
IMPORTANT!
An asterisk (*) next to a series 1 data block name in the following
diagram indicates that multiple instances of the data block may occur.
Host Server Data Block Fields (Continued)

FIELD | DATA TYPE | DESCRIPTION
Generic List Block Length | uint32 | Number of bytes in the Generic block and encapsulated web application data blocks. This number includes the eight bytes of the generic list block header fields, plus the number of bytes in all of the encapsulated web application data blocks.
Web Application Data Blocks* | variable | Encapsulated web application data blocks up to the maximum number of bytes in the list block length. For details, see

The following diagram shows the format of the Full Server data block:

Byte: 0 | 1 | 2 | 3
Bit: 0 1 2 3 4 5 6 7 | 8 9 10 11 12 13 14 15 | 16 17 18 19 20 21 22 23 | 24 25 26 27 28 29 30 31

Full Server Block Type (104)
Full Server Block Length
Port | Hits
Hits, continued | Generic List Block Type (31)
Generic List Block Type, continued | Generic List Block Length
Generic List Block Length, continued | Full Server Information Data Blocks (106)*

(The Generic List rows and the Full Server Information Data Blocks are grouped in the diagram under the side label "Sub-Servers - Sourcefire".)
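A bounds-checked parse of the fields shown in the diagram above, as an added example that is not code from the Cisco guide. It assumes network byte order, field widths read off the diagram's 32-bit rows (Port as uint16, Hits as uint32), and that every block length counts its own eight header bytes, as the page states for the generic list; the function name, the sample builder and the sample values are constructed, and fields after the sub-server list are not on this page and are left unparsed.

```python
import struct

FULL_SERVER, GENERIC_LIST, SERVER_INFO = 104, 31, 106  # block types from the diagram
FIXED = struct.Struct("!IIHIII")  # type, length, port, hits, list type, list length
LIST_START = 14                   # offset of the generic list header (8 + 2 + 4)


def parse_full_host_server_prefix(buf):
    """Parse the fields shown on this page.

    Returns (port, hits, [sub-server payloads], offset just past the list).
    Raises ValueError on any length that does not fit its enclosing block.
    """
    if len(buf) < FIXED.size:
        raise ValueError("buffer shorter than the fixed fields")
    btype, blen, port, hits, ltype, llen = FIXED.unpack_from(buf)
    if btype != FULL_SERVER or ltype != GENERIC_LIST:
        raise ValueError(f"unexpected block types {btype}/{ltype}")
    # Assumption: every block length counts its own 8-byte type/length header.
    if not FIXED.size <= blen <= len(buf):
        raise ValueError("block length does not fit the received buffer")
    list_end = LIST_START + llen
    if llen < 8 or list_end > blen:
        raise ValueError("generic list length overruns the enclosing block")
    payloads, off = [], FIXED.size
    while off < list_end:
        if list_end - off < 8:
            raise ValueError("truncated sub-block header")
        stype, slen = struct.unpack_from("!II", buf, off)
        if stype != SERVER_INFO:
            raise ValueError(f"unexpected sub-block type {stype}")
        # slen < 8 would stall or rewind the cursor; reject it outright.
        if slen < 8 or off + slen > list_end:
            raise ValueError("sub-block length overruns the list")
        payloads.append(buf[off + 8:off + slen])
        off += slen
    return port, hits, payloads, list_end


def build_sample():
    """Constructed test block: two type-106 sub-blocks with opaque payloads."""
    subs = b"".join(struct.pack("!II", SERVER_INFO, 8 + len(p)) + p
                    for p in (b"AAAA", b"BB"))
    lst = struct.pack("!II", GENERIC_LIST, 8 + len(subs)) + subs
    # Four zero bytes stand in for the later fields this page does not show.
    body = struct.pack("!HI", 443, 7) + lst + bytes(4)
    return struct.pack("!II", FULL_SERVER, 8 + len(body)) + body
```

The returned offset marks where a full parser would continue with the fields that follow the sub-server list.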