Cisco Cisco Firepower Management Center 2000 Entwickleranleitung

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

249

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

The 

 table describes the fields of the Server 

Banner data block.

String Information Data Block

The String Information data block contains string data. For example, the String 

Information data block is used to convey the Common Vulnerabilities and 

Exposures (CVE) identification string within a Scan Vulnerability data block. The 

String Information data block has a block type of 35 in the series 1 group of 

blocks.

Server Banner Data Block Fields 

Server Banner 

Block Type

uint32

Initiates a Server Banner data block. This value 

is always 37.

Server Banner 

Block Length

uint32

Total number of bytes in the Server Banner 

data block, including the eight bytes in the 

server banner block type and length fields, plus 

the number of bytes of data that follows.

Port

uint16

Port number on which the server runs.

Protocol

uint8

Protocol number for the server.

BLOB Block 

Type

uint32

Initiates a BLOB data block containing server 

banner data. This value is always 10.

Length

uint32

Total number of bytes in the BLOB data block 

(typically 264 bytes).

Banner

byte[

n

]

First 

n

 bytes of the packet involved in the 

server event, where 

n 

is equal to or less than 

256.