Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador
4-72
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Server Banner Data Block
The Server Banner data block provides information about the banner for a server running on a host. It
contains the server port, protocol, and the banner data. The Server Banner data block has a block type
of 37 in the series 1 group of blocks.
contains the server port, protocol, and the banner data. The Server Banner data block has a block type
of 37 in the series 1 group of blocks.
The following diagram shows the format of the Server Banner data block.
Note
An asterisk(*) next to a block type field in the following diagram indicates the message may contain zero
or more instances of the series 1 data block.
or more instances of the series 1 data block.
The following table describes the fields of the Server Banner data block.
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Server Banner Block Type (37)
Server Banner Block Length
Port
Protocol
BLOB Block Type
Svr Banne
r (Blob)
BLOB Block Type (10), cont.
BLOB Length
BLOB Length, cont.
Server Banner Data...
Server Banner Data, cont.....
Table 4-37
Server Banner Data Block Fields
Field
Data Type
Description
Server Banner
Block Type
Block Type
uint32
Initiates a Server Banner data block. This value is always
37
.
Server Banner
Block Length
Block Length
uint32
Total number of bytes in the Server Banner data block, including the
eight bytes in the server banner block type and length fields, plus the
number of bytes of data that follows.
eight bytes in the server banner block type and length fields, plus the
number of bytes of data that follows.
Port
uint16
Port number on which the server runs.
Protocol
uint8
Protocol number for the server.
BLOB Block
Type
Type
uint32
Initiates a BLOB data block containing server banner data. This value
is always
is always
10
.
Length
uint32
Total number of bytes in the BLOB data block (typically 264 bytes).
Banner
byte[
n
]
First
n
bytes of the packet involved in the server event, where
n
is equal
to or less than 256.