Cisco Firepower Management Center 4000 Developer Guide

Sourcefire 3D System eStreamer Integration Guide, Version 5.3 (page 278)
Chapter 4: Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The Connection Chunk Data Block Fields table describes the components of the Connection Chunk data block.
Connection Chunk Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Connection Chunk Block Type | uint32 | Initiates a Connection Chunk data block. This value is always 136. |
| Connection Chunk Block Length | uint32 | Total number of bytes in the Connection Chunk data block, including eight bytes for the connection chunk block type and length fields, plus the number of bytes in the connection chunk data that follows. |
| Initiator IP Address | uint8[4] | IP address of the initiator of this type of connection. This is used with the responder IP address to identify identical connections. |
| Responder IP Address | uint8[4] | IP address of the responder to this type of connection. This is used with the initiator IP address to identify identical connections. |
| Start Time | uint32 | The starting time for the connection chunk. |
| Application Protocol | uint32 | Identification number for the protocol used in the connection. |
| Responder Port | uint16 | The port used by the responder in the connection chunk. |
| Protocol | uint8 | The protocol for the packet containing the user information. |
| Connection Type | uint8 | The type of connection. |
| NetFlow Detector IP Address | uint8[4] | IP address of the NetFlow device that detected the connection, in IP address octets. |
| Packets Sent | uint64 | The number of packets sent in the connection chunk. |
| Packets Received | uint64 | The number of packets received in the connection chunk. |
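The following Python parser is an added example, not code from the eStreamer guide; it decodes the fields listed in the table above and checks the block type and block length before trusting the rest of the buffer. It assumes the fields appear on the wire in table order, in network byte order with no padding; the function names and the sample values are constructed for illustration.

```python
import ipaddress
import struct

BLOCK_TYPE = 136  # Connection Chunk block type, per the table
# Assumption: fields in table order, network byte order, no padding.
_FMT = struct.Struct("!II4s4sIIHBB4sQQ")  # 48 bytes for the fields listed here
_NAMES = ("block_type", "block_length", "initiator_ip", "responder_ip",
          "start_time", "application_protocol", "responder_port", "protocol",
          "connection_type", "netflow_detector_ip", "packets_sent",
          "packets_received")


def parse_connection_chunk(buf: bytes) -> dict:
    """Parse the fields in the table; reject blocks with an inconsistent header."""
    if len(buf) < _FMT.size:
        raise ValueError(f"need {_FMT.size} bytes, got {len(buf)}")
    rec = dict(zip(_NAMES, _FMT.unpack_from(buf)))
    if rec["block_type"] != BLOCK_TYPE:
        raise ValueError(f"unexpected block type {rec['block_type']}")
    # Block length counts the 8 header bytes plus the data that follows, so it
    # can be neither shorter than the fixed fields nor longer than the buffer.
    if not _FMT.size <= rec["block_length"] <= len(buf):
        raise ValueError(f"bad block length {rec['block_length']}")
    for key in ("initiator_ip", "responder_ip", "netflow_detector_ip"):
        rec[key] = str(ipaddress.IPv4Address(rec[key]))
    # Anything after Packets Received is not described in the table above;
    # keep it as raw bytes instead of guessing its layout.
    rec["unparsed"] = buf[_FMT.size:rec["block_length"]]
    return rec


def build_sample() -> bytes:
    """Constructed sample block (not captured traffic)."""
    body = struct.pack("!4s4sIIHBB4sQQ",
                       bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10]),
                       1400000000, 676, 443, 6, 1, bytes(4), 12, 9)
    return struct.pack("!II", BLOCK_TYPE, 8 + len(body)) + body


if __name__ == "__main__":
    print(parse_connection_chunk(build_sample()))
```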