Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

612

Understanding Legacy Data Structures

Legacy Connection Data Structures

Appendix B

Connection Statistics Data Block 5.1.1.x

The connection statistics data block is used in connection data messages. 

Changes to the connection data block between versions 5.1 and 5.1.1 include the 

addition of new fields to identify associated intrusion events. The connection 

statistics data block for version 5.1.1.x has a block type of 137. It deprecates block 

type 126, 

 on page 595. For more information 

on the Connection Statistics Data message, see 

 on page 215.

The following diagram shows the format of a Connection Statistics data block for 

5.1.1:

::

Bytes 

Received

uint32

The number of bytes received in the 

connection chunk. 

Connections

uint32

The number of connections made in the 

connection chunk. 

Connection Chunk Data Block Fields (Continued)

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Connection Data Block Type (137)

Connection Data Block Length

Device ID

Ingress Zone

Ingress Zone, continued

Ingress Zone, continued

Ingress Zone, continued

Egress Zone

Egress Zone, continued

Egress Zone, continued

Egress Zone, continued

Ingress Interface