Cisco Cisco Firepower Management Center 4000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
249
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
The
table describes the fields of the Server
Banner data block.
String Information Data Block
The String Information data block contains string data. For example, the String
Information data block is used to convey the Common Vulnerabilities and
Exposures (CVE) identification string within a Scan Vulnerability data block. The
String Information data block has a block type of 35 in the series 1 group of
blocks.
Server Banner Data Block Fields
F
IELD
D
ATA
T
YPE
D
ESCRIPTION
Server Banner
Block Type
uint32
Initiates a Server Banner data block. This value
is always 37.
Server Banner
Block Length
uint32
Total number of bytes in the Server Banner
data block, including the eight bytes in the
server banner block type and length fields, plus
the number of bytes of data that follows.
Port
uint16
Port number on which the server runs.
Protocol
uint8
Protocol number for the server.
BLOB Block
Type
uint32
Initiates a BLOB data block containing server
banner data. This value is always 10.
Length
uint32
Total number of bytes in the BLOB data block
(typically 264 bytes).
Banner
byte[
n
]
First
n
bytes of the packet involved in the
server event, where
n
is equal to or less than
256.