Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Table 4-79 Operating System Fingerprint Data Block Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Fingerprint Source Type | uint32 | Indicates the type (i.e., user or scanner) of the source that supplied the operating system fingerprint. |
| Fingerprint Source ID | uint32 | Identification number that maps to the login name of the user that supplied the operating system fingerprint. |
| Last Seen | uint32 | Indicates when the fingerprint was last seen in traffic. |
| TTL Difference | uint8 | Indicates the difference between the TTL value in the fingerprint and the TTL value seen in the packet used to fingerprint the host. |
| Generic List Block Type | uint32 | Initiates a Generic List data block. This value is always 31. |
| Generic List Block Length | uint32 | Number of bytes in the Generic List block and encapsulated data blocks. This number includes the eight bytes of the generic list block header fields, plus the number of bytes in all of the encapsulated data blocks. |
| Mobile Device Information Data Blocks | variable | Encapsulated Mobile Device Information data blocks up to the maximum number of bytes in the list block length. See description of this data block. |

Mobile Device Information Data Block for 5.1+
The following diagram shows the format of a Mobile Device Information data block. The data block
contains the last time the host was detected, mobile device information, and whether the mobile device
is jailbroken. The Mobile Device Information data block has a block type of 131 in the series 1 group of
blocks.
[Diagram: Mobile Device Information data block, drawn against byte columns 0-3 and bit columns 0-31. Rows, in order:]
  Mobile Device Information Block Type (131)
  Mobile Device Information Block Length
  Mobile Device Data:
    String Block Type (0)
    String Block Length
    Mobile Device String Data...
  Mobile Device Last Seen
  Mobile
  Jailbroken
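
The following Python sketch is an added example, not code from the Cisco guide: it walks a Generic List block (type 31) and the Mobile Device Information blocks (type 131) inside it, rejecting any nested length that runs past its parent, since these lengths arrive from the wire. It assumes network byte order, that every block length counts its own eight header bytes (the page states this only for the Generic List block), and that Mobile Device Last Seen, Mobile and Jailbroken are 32-bit words; the function names are hypothetical and `build_sample` produces constructed test data.

```python
import struct

GENERIC_LIST_TYPE = 31    # Generic List block type, from the field table
MOBILE_DEVICE_TYPE = 131  # series 1 block type, from the page
STRING_TYPE = 0           # String block type, from the diagram
HDR = struct.Struct(">II")  # type, length; big-endian is an assumption


def read_header(buf, off, end, want_type):
    """Read an 8-byte type/length header; bound-check the declared length."""
    if end - off < HDR.size:
        raise ValueError("truncated block header")
    btype, blen = HDR.unpack_from(buf, off)
    if btype != want_type:
        raise ValueError(f"expected block type {want_type}, got {btype}")
    # Assumption: every length field counts its own 8 header bytes.
    if blen < HDR.size or off + blen > end:
        raise ValueError(f"block type {btype}: length {blen} out of bounds")
    return off + HDR.size, off + blen


def parse_mobile_device(buf, off, end):
    """Parse one Mobile Device Information block; return (record, next_off)."""
    body, block_end = read_header(buf, off, end, MOBILE_DEVICE_TYPE)
    s_body, s_end = read_header(buf, body, block_end, STRING_TYPE)
    name = bytes(buf[s_body:s_end]).rstrip(b"\x00").decode("utf-8", "replace")
    # Assumption: exactly three 32-bit words follow the string block.
    if block_end - s_end != 12:
        raise ValueError("unexpected size after the string block")
    last_seen, mobile, jailbroken = struct.unpack_from(">III", buf, s_end)
    return ({"device": name, "last_seen": last_seen,
             "mobile": bool(mobile), "jailbroken": bool(jailbroken)}, block_end)


def parse_mobile_device_list(buf):
    """Parse a Generic List block holding Mobile Device Information blocks."""
    off, end = read_header(buf, 0, len(buf), GENERIC_LIST_TYPE)
    records = []
    while off < end:
        rec, off = parse_mobile_device(buf, off, end)
        records.append(rec)
    return records


def build_sample(name, last_seen, mobile, jailbroken):
    """Build one constructed block (not a capture from a real server)."""
    s = HDR.pack(STRING_TYPE, HDR.size + len(name)) + name
    body = s + struct.pack(">III", last_seen, mobile, jailbroken)
    return HDR.pack(MOBILE_DEVICE_TYPE, HDR.size + len(body)) + body
```

Every child block is checked against the end of its parent rather than the end of the buffer, so a forged inner length cannot make the parser read into a neighbouring block.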