Cisco Cisco Firepower Management Center 4000 Guía Del Desarrollador

The eStreamer service uses the String data block to send string data in messages. These blocks 
commonly appear within other data blocks to identify, for example, operating system or server names. 

Empty String data blocks (containing no data, only the header fields) have a block length of 8. eStreamer 
uses an empty String data block when it has no content for a string value, as might happen, for example, 
in the OS vendor string field in an Operating System data block when the vendor of the operating system 
is unknown.

The String data block has a block type of 0 in the series 2 group of blocks.

Strings returned in this data block are not always null-terminated (that is, the string characters are not 
always followed by a 0).

The following diagram shows the format of the String data block:

The following table describes the fields of the String data block.

The eStreamer service uses the BLOB data block to convey binary data. For example, host discovery 
records use the BLOB block to hold captured server banners. The BLOB data block has a block type of 
1 in the series 2 group of blocks.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Data Block Type (0)

Data Block Length

String Data...

Data Block Type

uint32

Initiates a String data block. This value is always 

0

.

Data Block Length

uint32

Combined length in bytes of the string data block header and string 
data.

String Data

string

Contains the string data and may contain a terminating character 
(null byte) at the end of the string.