Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Host Data Structures
Full Host Profile Data Block 5.3+
Chapter 5
The Full Host Profile data block for version 5.3+ contains a full set of data 
describing one host. It has the format shown in the graphic below and explained 
in the following table. Note that, except for List data blocks, the graphic does not 
show the fields of the encapsulated data blocks. These encapsulated data blocks 
are described separately in 
 on page 164. The Full Host Profile data block has a block type value of 149. 
It supersedes the prior version, which has a block type of 140.
IMPORTANT!
An asterisk (*) next to a block name in the following diagram 
indicates that multiple instances of the data block may occur.
The following diagram shows the format of the Full Host Profile data block for 
5.3+:
Bytes 0-3, bits 0-31. One line per 32-bit row; fields that share a row are separated by "|".

  Full Host Profile Data Block (149)
  Data Block Length
  Host ID
  Host ID, continued
  Host ID, continued
  Host ID, continued
IP Addresses:
  List Block Type (11)
  List Block Length
  IP Address Data Blocks (143)*
  Hops | Generic List Block Type (31)
  Generic List Block Type, continued | Generic List Block Length
OS Derived Fingerprints:
  Generic List Block Length, continued | Operating System Fingerprint Block Type (130)*
  OS Fingerprint Block Type (130)*, con't | Operating System Fingerprint Block Length
  OS Fingerprint Block Length, con't | Operating System Derived Fingerprint Data...
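
As an added example (not part of the Cisco guide), here is a bounds-checked Python parser for the leading fields shown in the diagram, rejecting nested length fields that overrun their parent block. It assumes network byte order, that every length field counts its own 8-byte header, and that Hops is one byte; `read_header`, `parse_profile_prefix`, `block` and `SAMPLE` are hypothetical names, and the IP Address block payload is kept opaque.

```python
import struct

# Block types from the diagram above.
FULL_HOST_PROFILE, LIST, IP_ADDRESS, GENERIC_LIST = 149, 11, 143, 31
HDR = struct.Struct(">II")  # assumed: big-endian uint32 type + uint32 length


def read_header(buf, off, end, want_type):
    """Validate a block header at off; the whole block must fit in [off, end)."""
    if off + HDR.size > end:
        raise ValueError(f"truncated header at offset {off}")
    btype, blen = HDR.unpack_from(buf, off)
    if btype != want_type:
        raise ValueError(f"expected block type {want_type}, got {btype}")
    # Assumed: the length field counts the 8 header bytes, so it is never < 8.
    if blen < HDR.size or off + blen > end:
        raise ValueError(f"block length {blen} at offset {off} out of bounds")
    return off + HDR.size, off + blen  # (payload start, block end)


def parse_profile_prefix(buf):
    """Parse from the block header through the OS fingerprint list header."""
    off, end = read_header(buf, 0, len(buf), FULL_HOST_PROFILE)
    if off + 16 > end:
        raise ValueError("truncated Host ID")
    host_id, off = bytes(buf[off:off + 16]), off + 16
    off, list_end = read_header(buf, off, end, LIST)
    ip_blocks = []
    while off < list_end:  # zero or more IP Address data blocks (143)*
        start, off = read_header(buf, off, list_end, IP_ADDRESS)
        ip_blocks.append(bytes(buf[start:off]))  # payload kept opaque
    if off >= end:
        raise ValueError("truncated before Hops")
    hops = buf[off]  # assumed: Hops is a single byte
    _, os_end = read_header(buf, off + 1, end, GENERIC_LIST)
    return {"host_id": host_id, "ip_blocks": ip_blocks, "hops": hops,
            "os_list_len": os_end - (off + 1)}


def block(btype, payload=b""):
    """Build a block with the assumed header (used for the constructed sample)."""
    return HDR.pack(btype, HDR.size + len(payload)) + payload


# Constructed sample: one placeholder 4-byte IP Address payload (not the real
# block 143 layout), 2 hops, and an empty OS fingerprint list.
SAMPLE = block(FULL_HOST_PROFILE, bytes(range(16))
               + block(LIST, block(IP_ADDRESS, b"\x0a\x00\x00\x05"))
               + b"\x02" + block(GENERIC_LIST))
```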