Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

295

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

The following diagram shows the format of an identity data block for 4.9+.

The 

 table describes the fields of the Sourcefire identity 

data block.

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Identity Data Block Type (94)

Identity Data Block Length

Identity Data Source Type

Identity Data Source ID

Identity

 

UUID

Identity UUID

Identity UUID, continued

Identity UUID, continued

Identity UUID, continued

Port

Protocol

Server Map ID

Identity Data Block Fields 

Identity Data 

Block Type

uint32

Initiates the Identity data block. This value is 

always 94.

Identity Data 

Block Length

uint32

Number of bytes in the Identity data block. This 

value should always be 40: sixteen bytes for the 

data block type and length fields and the source 

type and ID fields, sixteen bytes for the 

fingerprint UUID value, two bytes for the port, 

two bytes for the protocol, and four bytes for 

the SM ID.