Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Appendix B: Understanding Legacy Data Structures
Legacy Connection Data Structures
Connection Statistics Data Block for 4.7 - 4.9.0.x
The Connection Statistics data block is used in Connection Data messages.
Changes to the Connection Statistics data block between 3.5 and 4.7 include the
use of a server identification number rather than a server name and the addition
of a client application type identification number and a domain name string. The
Connection Statistics data block for 4.7 - 4.9.0 has a block type of 56.
Operating System Fingerprint Data Block Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Fingerprint UUID | uint8[16] | Fingerprint identification number, in octets, that acts as a unique identifier for the operating system. The fingerprint UUID maps to the operating system name, vendor, and version in the vulnerability database (VDB). |
| Fingerprint Type | uint32 | Indicates the type of fingerprint. |
| Fingerprint Source Type | uint32 | Indicates the type (i.e., user or scanner) of the source that supplied the operating system fingerprint. |
| Fingerprint Source ID | uint32 | Indicates the ID of the source that supplied the operating system fingerprint. |
| Last Seen | uint32 | Indicates when the fingerprint was last seen in traffic. |
| TTL Difference | uint8 | Indicates the difference between the TTL value in the fingerprint and the TTL value seen in the packet used to fingerprint the host. |
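A bounds-checked parser for the six fields listed in the table above, as an added example that is not part of the Sourcefire guide. It assumes network byte order, fields packed in table order with no padding, and that Last Seen is seconds since the UNIX epoch; the function name and sample bytes are constructed here, and the block fields that precede this continued table are not on this page and are not parsed.

```python
import struct
import uuid
from datetime import datetime, timezone

# Layout of the fields listed in the table, in table order.
# Assumption: network byte order with no padding between fields.
_FP_TAIL = struct.Struct(">16sIIIIB")  # 16 + 4*4 + 1 = 33 bytes


def parse_fingerprint_fields(buf, offset=0):
    """Decode the six table fields from buf, starting at offset.

    Returns (fields_dict, next_offset). Raises ValueError on short input
    rather than decoding a truncated or malformed record.
    """
    available = len(buf) - offset
    if offset < 0 or available < _FP_TAIL.size:
        raise ValueError(
            "truncated fingerprint fields: need %d bytes, have %d"
            % (_FP_TAIL.size, max(available, 0))
        )
    raw_uuid, fp_type, src_type, src_id, last_seen, ttl_diff = (
        _FP_TAIL.unpack_from(buf, offset)
    )
    fields = {
        # 16 raw octets rendered in canonical UUID text form for VDB lookups.
        "fingerprint_uuid": str(uuid.UUID(bytes=raw_uuid)),
        "fingerprint_type": fp_type,
        "source_type": src_type,
        "source_id": src_id,
        # Assumption: Last Seen is seconds since the UNIX epoch.
        "last_seen": datetime.fromtimestamp(last_seen, tz=timezone.utc),
        "ttl_difference": ttl_diff,
    }
    return fields, offset + _FP_TAIL.size


# Constructed sample bytes (not captured from a real eStreamer server).
SAMPLE = (
    bytes(range(16))                             # Fingerprint UUID
    + struct.pack(">IIII", 1, 2, 7, 1400000000)  # type, source type, source ID, last seen
    + bytes([3])                                 # TTL Difference
)

if __name__ == "__main__":
    parsed, end = parse_fingerprint_fields(SAMPLE)
    print(parsed, end)
```

The returned offset lets a caller continue decoding whatever follows these fields in the enclosing message.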