Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the Secondary Host Update data block.
Web Application Data Block for 5.0+
The Web Application data block for 5.0+ has a block type of 123 in the series 1 group of blocks. The
data block describes the web application from detected HTTP client requests.
The following diagram shows the format of a Web Application data block in 5.0+.
Table 4-66 Secondary Host Update Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Secondary Host Update Block Type | uint32 | Initiates a Secondary Host Update data block. This value is always 96. |
| Secondary Host Update Block Length | uint32 | Number of bytes in the Secondary Host Update data block, including eight bytes for the secondary host update block type and length fields, plus the number of bytes of secondary host update data that follows. |
| IP Address | uint8[4] | IP address of the host described in the update, in IP address octets. |
| List Block Type | uint32 | Initiates a List data block comprising Host MAC Address data blocks conveying host MAC address data. This value is always 11. |
| List Block Length | uint32 | Number of bytes in the list. This number includes the eight bytes of the list block type and length fields, plus all encapsulated Host MAC Address data blocks. This field is followed by zero or more Host MAC Address data blocks. |
| Host MAC Address Block Type | uint32 | Initiates a Host MAC Address data block describing the secondary host. This value is always 95. |
| Host MAC Address Data Block Length | uint32 | Number of bytes in the Host MAC Address data block. This value should always be 20: eight bytes for the data block type and length fields, one byte for the TTL value, six bytes for the MAC address, one byte for the primary subnet, and four bytes for the last seen value. |
| Host MAC Address Data Blocks | string | Information related to MAC addresses of hosts in the update. |
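The following parser for the Secondary Host Update data block is an added example, not code from the Cisco guide. It assumes network (big-endian) byte order and that the Host MAC Address block's fields appear in the order the length description lists them (TTL, MAC address, primary subnet, last seen); the function names and the sample bytes are constructed for illustration. Every nested length is checked against its enclosing block before any field is read.

```python
import struct
from ipaddress import IPv4Address

SECONDARY_HOST_UPDATE, LIST_BLOCK, HOST_MAC = 96, 11, 95  # block types from Table 4-66
HOST_MAC_LEN = 20  # 8 header + 1 TTL + 6 MAC + 1 primary subnet + 4 last seen


def _header(buf, off, expected_type):
    """Read a (type, length) header at off and bound it by len(buf)."""
    if off + 8 > len(buf):
        raise ValueError("truncated block header")
    btype, blen = struct.unpack_from(">II", buf, off)  # assumption: big-endian
    if btype != expected_type:
        raise ValueError(f"expected block type {expected_type}, got {btype}")
    if blen < 8 or off + blen > len(buf):
        raise ValueError(f"block length {blen} out of bounds")
    return blen


def parse_secondary_host_update(buf):
    total = _header(buf, 0, SECONDARY_HOST_UPDATE)
    if total < 20:  # 8 header + 4 IP address + 8 list header
        raise ValueError("block too short for IP address and list header")
    ip = str(IPv4Address(bytes(buf[8:12])))
    list_len = _header(buf[:total], 12, LIST_BLOCK)  # list must fit in the block
    end = 12 + list_len
    macs, off = [], 20
    while off < end:  # zero or more Host MAC Address blocks
        if _header(buf[:end], off, HOST_MAC) != HOST_MAC_LEN:
            raise ValueError("Host MAC Address block length is not 20")
        ttl, mac, primary, last_seen = struct.unpack_from(">B6sBI", buf, off + 8)
        macs.append({"ttl": ttl, "mac": mac.hex(":"), "primary": primary,
                     "last_seen": last_seen})
        off += HOST_MAC_LEN
    return {"ip": ip, "macs": macs}


def build_sample():
    """Constructed sample: one host update carrying one MAC entry."""
    mac_block = struct.pack(">IIB6sBI", HOST_MAC, HOST_MAC_LEN, 64,
                            bytes.fromhex("001122334455"), 1, 1700000000)
    lst = struct.pack(">II", LIST_BLOCK, 8 + len(mac_block)) + mac_block
    body = bytes([192, 0, 2, 10]) + lst
    return struct.pack(">II", SECONDARY_HOST_UPDATE, 8 + len(body)) + body


if __name__ == "__main__":
    print(parse_secondary_host_update(build_sample()))
```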
Each row of the diagram spans bytes 0-3 (bits 0-31):

  Web Application Data Block Type (123)
  Web Application Data Block Length
  Application ID