Cisco Cisco Firepower Management Center 4000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
298
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
Secondary Host Update
The Secondary Host Update data block contains information for a host sent as a
secondary host update from a device monitoring a subnet other than that where
the host resides. It is used within Change Secondary Update events (event type
1001, subtype 31). The Secondary Host Update data block has a block type of 96
in the series 1 group of blocks.
The following diagram shows the format of a Secondary Host Update data block:
The following diagram shows the format of a Secondary Host Update data block:
The
table describes the fields of the
Secondary Host Update data block.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Secondary Host Update Block Type (96)
Secondary Host Update Block Length
IP Address
List Block Type (11)
Hos
t MAC Address L
ist
List Block Length
Host
MA
C
Address L
ist
Host MAC Address Block Type (95)
Host MAC Address Block Length
Host MAC Address Data Blocks...
Secondary Host Update Data Block Fields
F
IELD
D
ATA
T
YPE
D
ESCRIPTION
Secondary
Host Update
Block Type
uint32
Initiates a Secondary Host Update data block.
This value is always 96.
Secondary
Host Update
Block Length
uint32
Number of bytes in the Secondary Host Update
data block, including eight bytes for the
secondary host update block type and length
fields, plus the number of bytes of secondary
host update data that follows.
IP Address
uint8[4]
IP address of the host described in the update, in
IP address octets.