Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Chapter 3
ICMP Code Data Block
The eStreamer service uses the ICMP Code data block to contain information
about access control policy rule IDs. This data block has a record type of 270, and
a block type of 20 in series 2.
The following diagram shows the structure of the Access Control Policy Rule ID
metadata block.
ICMP Type Data Block Fields (Continued)

| FIELD | DATA TYPE | DESCRIPTION |
|---|---|---|
| Protocol | uint16 | IANA-specified protocol number. For example: 0 — IP, 1 — ICMP, 6 — TCP, 17 — UDP, and so on. |
| String Block Type | uint32 | Initiates a String data block containing the description of the ICMP type. This value is always 0. |
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Description field. |
| Description | string | Description of the ICMP type for the event. |
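As an added example (not code from the guide), the following Python parser reads the Protocol field and the String data block listed in the table above and rejects length values that are inconsistent with the buffer. Big-endian (network) byte order and tolerance for trailing NUL padding are assumptions not stated on this page, and the function and class names are hypothetical.

```python
import struct

STRING_BLOCK_TYPE = 0   # page: String Block Type "is always 0"
STRING_HEADER_LEN = 8   # page: length includes eight bytes of type and header


class BlockError(ValueError):
    """Raised when the bytes do not fit the layout described in the table."""


def parse_protocol_and_description(buf: bytes, offset: int = 0):
    """Parse Protocol (uint16) followed by a String data block.

    Returns (protocol, description, next_offset).
    Assumptions: big-endian integers; description may be NUL padded.
    """
    fixed = struct.Struct(">HII")  # Protocol, String Block Type, String Block Length
    if offset < 0 or len(buf) - offset < fixed.size:
        raise BlockError("buffer too short for fixed fields")
    protocol, blk_type, blk_len = fixed.unpack_from(buf, offset)
    if blk_type != STRING_BLOCK_TYPE:
        raise BlockError(f"unexpected string block type {blk_type}")
    # The declared length counts its own 8-byte header, so it can never be < 8.
    if blk_len < STRING_HEADER_LEN:
        raise BlockError("string block length smaller than its own header")
    start = offset + fixed.size
    end = start + (blk_len - STRING_HEADER_LEN)
    # Never trust the sender's length: it must stay inside the received buffer.
    if end > len(buf):
        raise BlockError("string block length runs past end of buffer")
    description = buf[start:end].rstrip(b"\x00").decode("utf-8", errors="replace")
    return protocol, description, end


def build_sample(protocol: int, text: bytes) -> bytes:
    """Constructed sample bytes for the demo (not captured eStreamer traffic)."""
    length = STRING_HEADER_LEN + len(text)
    return struct.pack(">HII", protocol, STRING_BLOCK_TYPE, length) + text


if __name__ == "__main__":
    sample = build_sample(1, b"Echo Request")
    print(parse_protocol_and_description(sample))
    for bad in (sample[:-3], struct.pack(">HII", 1, 0, 4),
                struct.pack(">HII", 1, 0, 0xFFFFFFFF)):
        try:
            parse_protocol_and_description(bad)
        except BlockError as exc:
            print("rejected:", exc)
```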
[Diagram: message layout by byte (0-3) and bit (0-31). Fields shown, in order: Header Version (1), Message Type (4), Message Length, Record Type (270).]