Cisco Cisco Firepower Management Center 4000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

685

Understanding Legacy Data Structures

Legacy Host Data Structures

Appendix B

Full Host Profile Data Block 5.1.1

The Full Host Profile data block for version 5.1.1 contains a full set of data

describing one host. It has the format shown in the graphic below and explained

in the following table. Note that, except for List data blocks, the graphic does not

show the fields of the encapsulated data blocks. These encapsulated data blocks

are described separately in

Understanding Discovery & Connection Data

Structures

on page 164. The Full Host Profile data block a block type value of 135

It deprecates data block 111.

IMPORTANT!

An asterisk(*) next to a block name in the following diagram

indicates that multiple instances of the data block may occur.

List Block

Length

uint32

Number of bytes in the List data block, including

the list header and all encapsulated data blocks.

Attribute Value

Data Blocks *

variable

List of Attribute Value data blocks. See

Attribute

Value Data Block

on page 253 for a description

of the data blocks in this list.

Full Host Profile Record 5.0 - 5.0.2 Fields (Continued)

IELD

ATA

YPE

ESCRIPTION

Byte

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Full Host Profile Data Block (135)

Data Block Length

IP Address

Hops

Generic List Block Type (31)

Generic List Block

Type, continued

Generic List Block Length

Der

ived

Fingerprints

Generic List Block

Length, continued

Operating System Fingerprint Block Type (130)*

OS Fingerprint Block

Type (130)*, con’t

Operating System Fingerprint Block Length

OS Fingerprint Block

Length, con’t

Operating System Derived Fingerprint Data...