Cisco Firepower Management Center 4000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Legacy Data Structures
Legacy Connection Data Structures
Appendix B
Connection Statistics Data Block 4.7 - 4.9.0.x Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Last Packet Timestamp | uint32 | UNIX timestamp that represents the date and time that the last packet was exchanged in the session. |
| Connection Type | uint8 | Indicates the type of connection. |
| Source Device IP Address | uint8[4] | IP address of the sensor that detected the connection event, in IP address octets. |
| TCP Flags | uint8 | Indicates any TCP flags for the connection event. |
| Packets Sent | uint32 | Indicates the number of packets transmitted by the initiating host. |
| Packets Received | uint32 | Number of packets transmitted by the responding host. |
| Bytes Sent | uint32 | Number of bytes transmitted by the initiating host. |
| Bytes Received | uint32 | Number of bytes transmitted by the responding host. |
| Protocol | uint8 | Protocol used within the session. |
| Server ID | uint32 | Indicates the identification number for the server. |
| Client Application Type ID | uint32 | Identification number of the detected client application type, if applicable. |
| Client Application ID | uint32 | Identification number of the detected client application, if applicable. |
| String Block Type | uint32 | Initiates a String data block for the client application version. This value is always 0. |
| String Block Length | uint32 | Number of bytes in the client application version String data block, including eight bytes for the string block type and length fields plus the number of bytes in the client application version string. |
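
A bounds-checked parser for the run of fields in this table, given as an added example (it is not code from the guide or from the vendor). It assumes the fields are packed in the listed order with no padding, in network byte order, and that the version string is UTF-8; `parse_fragment`, the dictionary keys and the sample bytes are constructed for illustration, and the fields that precede Last Packet Timestamp in the block are not covered.

```python
import struct
from ipaddress import IPv4Address

# Fixed-width fields from the table, in the order listed, ending with the
# String Block Type and Length. Assumed: network byte order, no padding.
FIXED = struct.Struct("!IB4sBIIIIBIIIII")
NAMES = ("last_packet_ts", "connection_type", "source_device_ip", "tcp_flags",
         "packets_sent", "packets_received", "bytes_sent", "bytes_received",
         "protocol", "server_id", "client_app_type_id", "client_app_id",
         "string_block_type", "string_block_length")
STRING_HEADER = 8  # block type + block length, both counted in the length


def parse_fragment(buf):
    """Parse the field run; return (fields dict, bytes consumed)."""
    if len(buf) < FIXED.size:
        raise ValueError("truncated: fixed fields incomplete")
    rec = dict(zip(NAMES, FIXED.unpack_from(buf)))
    rec["source_device_ip"] = str(IPv4Address(rec["source_device_ip"]))
    if rec["string_block_type"] != 0:
        raise ValueError("String Block Type must be 0")
    total = rec["string_block_length"]
    # The length covers its own 8-byte header, so anything smaller is
    # malformed and would give a negative string size if subtracted blindly.
    if total < STRING_HEADER:
        raise ValueError("String Block Length smaller than its own header")
    end = FIXED.size + (total - STRING_HEADER)
    # Never trust the declared length beyond the bytes actually received.
    if end > len(buf):
        raise ValueError("String Block Length runs past end of buffer")
    # UTF-8 is an assumption; undecodable bytes are replaced, not fatal.
    rec["client_app_version"] = buf[FIXED.size:end].decode("utf-8", "replace")
    return rec, end


# Constructed sample bytes (not captured traffic): sensor 10.0.0.5, TCP.
VERSION = b"7.0.1"
SAMPLE = FIXED.pack(1388534400, 1, bytes([10, 0, 0, 5]), 0x1B, 12, 10,
                    3400, 52000, 6, 0, 0, 0, 0,
                    STRING_HEADER + len(VERSION)) + VERSION

if __name__ == "__main__":
    fields, used = parse_fragment(SAMPLE)
    print(used, fields)
```

The returned byte count tells the caller where the next field of the block begins, so a bad String Block Length is rejected before it can shift every later offset.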