Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
Full Host Server Data Block 4.10.0+
The Full Host Server data block conveys information about a server, including the 
server port, the frequency of use and most recent update, confidence of data 
accuracy, and Sourcefire and third-party vulnerabilities related to that server for 
the host. The Full Host Server data block contains a Full Sub-Server Information 
data block for each sub-server on the server. Each Full Host Profile data block 
contains a Full Host Server data block for each TCP and UDP server on the host. 
The Full Host Server data block has a block type of 104 in the series 1 group of 
blocks.
IMPORTANT! An asterisk (*) next to a series 1 data block name in the following diagram indicates that multiple instances of the data block may occur.
Host Server Data Block Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Generic List Block Length | uint32 | Number of bytes in the Generic block and encapsulated web application data blocks. This number includes the eight bytes of the generic list block header fields, plus the number of bytes in all of the encapsulated web application data blocks. |
| Web Application Data Blocks* | variable | Encapsulated web application data blocks up to the maximum number of bytes in the list block length. For details, see |

The following diagram shows the format of the Full Server data block:

| | Bytes 0-1 (bits 0-15) | Bytes 2-3 (bits 16-31) |
|---|---|---|
| | Full Server Block Type (104), all 32 bits | |
| | Full Server Block Length, all 32 bits | |
| | Port | Hits |
| Sub-Servers - Sourcefire | Hits, continued | Generic List Block Type (31) |
| | Generic List Block Type, continued | Generic List Block Length |
| | Generic List Block Length, continued | Full Server Information Data Blocks (106)* |
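As an added example (not code from the guide), here is a bounds-checked Python parser for the leading fields in the diagram above, treating every length field as untrusted. It assumes network byte order, that Port is 16 bits and Hits 32 bits as the "continued" cells imply, and that every block length counts its own eight header bytes, as the guide states for the generic list block; the function names are hypothetical.

```python
import struct

FULL_SERVER, GENERIC_LIST, FULL_SERVER_INFO = 104, 31, 106  # block types from the page
HDR = struct.Struct(">II")  # assumed: uint32 type + uint32 length, network byte order


def read_header(buf, off, end, expected):
    """Validate the type/length header at off; return the block's end offset."""
    if end - off < HDR.size:
        raise ValueError(f"truncated header at offset {off}")
    btype, blen = HDR.unpack_from(buf, off)
    if btype != expected:
        raise ValueError(f"block type {btype} at offset {off}, expected {expected}")
    # Assumed: the length counts its own 8 header bytes, so it is never below 8,
    # and a block must end inside the block that encloses it.
    if blen < HDR.size or blen > end - off:
        raise ValueError(f"bad length {blen} for block type {btype} at offset {off}")
    return off + blen


def parse_full_host_server(buf):
    """Parse the leading fields of a Full Host Server block (type 104)."""
    end = read_header(buf, 0, len(buf), FULL_SERVER)
    off = HDR.size
    if end - off < 6:
        raise ValueError("truncated port/hits fields")
    port, hits = struct.unpack_from(">HI", buf, off)  # assumed: uint16 port, uint32 hits
    off += 6
    list_end = read_header(buf, off, end, GENERIC_LIST)
    off += HDR.size
    infos = []
    while off < list_end:  # zero or more encapsulated type-106 blocks
        nxt = read_header(buf, off, list_end, FULL_SERVER_INFO)
        infos.append(bytes(buf[off + HDR.size:nxt]))  # body left undecoded
        off = nxt
    return {"port": port, "hits": hits, "server_info": infos, "next_offset": list_end}


def build_sample():
    """Constructed sample: port 443, 7 hits, two type-106 blocks with dummy bodies."""
    infos = b"".join(HDR.pack(FULL_SERVER_INFO, 8 + len(b)) + b
                     for b in (b"\x01\x02", b"\x03"))
    glist = HDR.pack(GENERIC_LIST, 8 + len(infos)) + infos
    body = struct.pack(">HI", 443, 7) + glist
    return HDR.pack(FULL_SERVER, 8 + len(body)) + body
```

The fields that follow the first generic list, which the diagram on this page does not reach, start at `next_offset`.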