Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

15

Introduction

Document Conventions

Chapter 1

unsigned integer values. Bit fields use low-order bits unless otherwise noted. For 

example, in a one byte field containing five bits of flag data, the low-order five bits 

will contain the data.

IP Addresses

The Sourcefire database stores IPv4 and IPv6 addresses in the same fields in a 

BINARY format. To get IPv6 addresses, convert to hex notation, for example: 

20010db8000000000000000000004321

. The database follows the RFC for storing 

IPv4 addresses by filling in bits 80-95 with 1’s, which yields an invalid IPv6 

address. For example, the IPv4 address 10.5.15.1 would be stored as 

00000000000000000000FFFF0A050F01

.

eStreamer Message Data Type Conventions 

nn-bit field

Bit field of nn bits

byte

8-bit byte containing data of arbitrary format

int8

Signed 8-bit byte

uint8

Unsigned 8-bit byte

int16

Signed 16-bit integer

uint16

Unsigned 16-bit integer

int32

Signed 32-bit integer

uint32

Unsigned 32-bit integer

uint64

Unsigned 64-bit integer

string

Variable length field containing character data

[n]

Array subscript following any of the above data types to 

indicate n instances of the indicated data type, for 

example, uint8[4]

variable

Collection of various data types

BLOB

Binary object of unspecified type, typically raw data as 

captured from a packet