Cisco Cisco Firepower Management Center 2000 Guía Del Desarrollador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

583

Understanding Legacy Data Structures

Legacy Connection Data Structures

Appendix B

The 

 table describes the 

fields of the Connection Statistics data block returned by 4.9.1 - 4.10.x1

Domain  Name

String Block Type (0)

String Block Length

Domain Name....

Payload Type

Payload ID

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11

1

2

1

3

1

4

1

5

1

6

1

7

1

8

1

9

2

0

2

1

2

2

2

3

2

4

2

5

2

6

2

7

2

8

2

9

3

0

3

1

Connection Statistics Data Block 4.9.1 - 4.10.1 Fields 

Connection 

Statistics 

Data Block 

Type

uint32

Initiates a Connection Statistics data block for 

4.9.1+. The value is always 101.

Connection 

Statistics 

Data Block 

Length

uint32

Number of bytes in the Connection Statistics 

data block, including eight bytes for the 

connection statistics block type and length fields, 

plus the number of bytes in the connection data 

that follows.

Initiator IP 

Address

uint8[4]

IP address of the host that initiated the session 

described in the connection event, in IP address 

octets.

Responder IP 

Address

uint8[4]

IP address of the host that responded to the 

initiating host, in IP address octets.

Initiator Port

uint16

Port used by the initiating host.

Responder 

Port

uint16

Port used by the responding host.

First Packet 

Timestamp

uint32

UNIX timestamp that represents the date and 

time that the first packet was exchanged in the 

session.