Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

237

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

String Data Block

The String data block is used for sending string data in series 1 blocks. It 

commonly appears within other series 1 data blocks to describe, for example, 

operating system or server names. 
Empty string data blocks (string data blocks containing no string data) have a 

block length value of 8 and are followed by zero bytes of string data. An empty 

string data block is returned when there is no content for the string value, as 

might happen, for example, in the OS vendor string field in an Operating System 

data block when the vendor of the operating system is unknown.
The String data block has a block type of 0 in the series 1 group of blocks.

Strings returned in this data block are not always null-terminated 

(that is, they are not always terminated with a 0).

143

Host IP

Current

Contains a host’s IP address and last 

seen information. See 

 on page 273 for 

more information.

144

Connection 

Statistics

Legacy

Contains information for connection 

events in 5.2.x. See 

page 602 for more information. It 

supersedes block type 137.

146

Attribute 

Address

Current

Contains the host attribute address 

for 5.2+. See 

 on page 251 for more 

information. It supersedes block 

type 38.

140

Full Host 

Profile

Current

Contains complete host profile 

information. See 

 on page 388 for 

more information. Supersedes data 

block 135.

152

Connection 

Statistics

Current

Contains information for connection 

events in 5.3+. See 

page 300 for more information. It 

supersedes block type 144.

Host Discovery and Connection Data Block Types (Continued)