Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Connection Data Structures
Appendix B
For more information, see the following sections:
Connection Statistics Data Block for 4.7 - 4.9.0.x
The Connection Statistics data block is used in Connection Data messages. 
Changes to the Connection Statistics data block between 3.5 and 4.7 include the 
use of a server identification number rather than a server name and the addition 
of a client application type identification number and a domain name string. The 
Connection Statistics data block for 4.7 - 4.9.0 has a block type of 56.
Operating System Fingerprint Data Block Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Fingerprint UUID | uint8[16] | Fingerprint identification number, in octets, that acts as a unique identifier for the operating system. The fingerprint UUID maps to the operating system name, vendor, and version in the vulnerability database (VDB). |
| Fingerprint Type | uint32 | Indicates the type of fingerprint. |
| Fingerprint Source Type | uint32 | Indicates the type (i.e., user or scanner) of the source that supplied the operating system fingerprint. |
| Fingerprint Source ID | uint32 | Indicates the ID of the source that supplied the operating system fingerprint. |
| Last Seen | uint32 | Indicates when the fingerprint was last seen in traffic. |
| TTL Difference | uint8 | Indicates the difference between the TTL value in the fingerprint and the TTL value seen in the packet used to fingerprint the host. |
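The following Python sketch decodes the six Operating System Fingerprint Data Block fields listed above; it is an added example, not code from the guide. It assumes the fields are packed contiguously in table order, in network byte order, and that Last Seen is a UNIX timestamp in seconds. The names `OSFingerprintFields`, `parse_os_fingerprint_fields` and `SAMPLE` are hypothetical, and anything that precedes these fields in the block is not shown on this page and is not handled.

```python
import struct
import uuid
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed layout: uint8[16] + 4 x uint32 + uint8, big-endian, no padding (33 bytes).
_FIELDS = struct.Struct("!16sIIIIB")


@dataclass(frozen=True)
class OSFingerprintFields:
    fingerprint_uuid: uuid.UUID   # maps to OS name/vendor/version in the VDB
    fingerprint_type: int
    source_type: int              # e.g. user or scanner, per the table
    source_id: int
    last_seen: datetime           # assumption: UNIX seconds, shown as UTC
    ttl_difference: int


def parse_os_fingerprint_fields(buf: bytes, offset: int = 0) -> OSFingerprintFields:
    """Decode the six fields starting at offset; reject truncated input."""
    if offset < 0 or len(buf) - offset < _FIELDS.size:
        raise ValueError(
            f"need {_FIELDS.size} bytes at offset {offset}, have {len(buf) - offset}"
        )
    raw_uuid, fp_type, src_type, src_id, seen, ttl = _FIELDS.unpack_from(buf, offset)
    return OSFingerprintFields(
        fingerprint_uuid=uuid.UUID(bytes=raw_uuid),
        fingerprint_type=fp_type,
        source_type=src_type,
        source_id=src_id,
        last_seen=datetime.fromtimestamp(seen, tz=timezone.utc),
        ttl_difference=ttl,
    )


# Constructed sample bytes (not captured from a real eStreamer feed).
SAMPLE = bytes(range(16)) + struct.pack("!IIIIB", 1, 2, 7, 1400000000, 3)

if __name__ == "__main__":
    print(parse_os_fingerprint_fields(SAMPLE))
```

Because the length check runs before any unpacking, a truncated record from an untrusted or corrupted stream raises `ValueError` instead of yielding partially decoded fields.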