Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
B-95
FireSIGHT eStreamer Integration Guide
Appendix B Understanding Legacy Data Structures
Legacy Connection Data Structures
Connection Chunk Data Block for 5.0 - 5.1
The Connection Chunk data block conveys connection data detected by a NetFlow device. The
Connection Chunk data block has a block type of 66 for pre-4.10.1 versions. For versions 5.0 - 5.1, it
has a block type of 119.
Connection Chunk data block has a block type of 66 for pre-4.10.1 versions. For versions 5.0 - 5.1, it
has a block type of 119.
The following diagram shows the format of the Connection Chunk data block:
The following table describes the components of the Connection Chunk data block:
Byt
e
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Connection Chunk Block Type (66 | 119)
Connection Chunk Block Length
Initiator IP Address
Responder IP Address
Start Time
Application ID
Responder Port
Protocol
Connection Type
NetFlow Detector IP Address
Packets Sent
Packets Received
Bytes Sent
Bytes Received
Connections
Table B-22
Connection Chunk Data Block Fields
Field
Data Type
Description
Connection Chunk
Block Type
Block Type
uint32
Initiates a Connection Chunk data block. This value is
66
for
versions before 4.10.1 and a value of
119
for version 5.0.
Connection Chunk
Block Length
Block Length
uint32
Total number of bytes in the Connection Chunk data block,
including eight bytes for the connection chunk block type and
length fields, plus the number of bytes in the connection chunk
data that follows.
including eight bytes for the connection chunk block type and
length fields, plus the number of bytes in the connection chunk
data that follows.