Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
Operating System Data Block 3.5+
The operating system data block for Version 3.5+ has a block type of 53 in the
series 1 group of blocks. The block includes a fingerprint Universally Unique
Identifier (UUID). The following diagram shows the format of an operating system
data block in 3.5+.
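                       Byte 0      Byte 1      Byte 2      Byte 3
                       Bits 0-7    Bits 8-15   Bits 16-23  Bits 24-31
                      +-----------------------------------------------+
                      | Operating System Block Type (53)              |
                      +-----------------------------------------------+
                      | Operating System Block Length                 |
                      +-----------------------------------------------+
                      | Confidence                                    |
                      +-----------------------------------------------+
  OS Fingerprint UUID | Fingerprint UUID                              |
                      +-----------------------------------------------+
                      | Fingerprint UUID, continued                   |
                      +-----------------------------------------------+
                      | Fingerprint UUID, continued                   |
                      +-----------------------------------------------+
                      | Fingerprint UUID, continued                   |
                      +-----------------------------------------------+

The Operating System Data Block 3.5+ Fields table describes the fields of the v3.5 operating system data block.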
Operating System Data Block 3.5+ Fields

| Field | Data Type | Description |
|---|---|---|
| Operating System Data Block Type | uint32 | Initiates the operating system data block. This value is always 53. |
| Operating System Data Block Length | uint32 | Number of bytes in the Operating System data block. This value should always be 28: eight bytes for the data block type and length fields, plus four bytes for the confidence value and sixteen bytes for the fingerprint UUID value. |
| Confidence | uint32 | Confidence percentage value. |
| Fingerprint UUID | uint8[16] | Fingerprint identification number, in octets, that acts as a unique identifier for the operating system. The fingerprint UUID maps to the operating system name, vendor, and version in the Sourcefire database. |
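
The following parser for the block layout in the table above is an added example, not code from this guide or from Sourcefire. It assumes network (big-endian) byte order for the uint32 fields and treats a confidence above 100 as malformed; the names parse_os_block and BlockError and the sample bytes are constructed for illustration.

```python
import struct
import uuid

OS_BLOCK_TYPE = 53    # block type given in the fields table
OS_BLOCK_LENGTH = 28  # 8 bytes type+length, 4 bytes confidence, 16 bytes UUID
# Assumption: fields are in network (big-endian) byte order.
_LAYOUT = struct.Struct(">III16s")


class BlockError(ValueError):
    """Raised when a buffer does not hold a well-formed type 53 block."""


def parse_os_block(buf, offset=0):
    """Parse one block at offset; return (confidence, fingerprint_uuid, next_offset)."""
    # Check the bytes actually present before reading any field.
    if offset < 0 or len(buf) - offset < _LAYOUT.size:
        raise BlockError("truncated block: need %d bytes" % _LAYOUT.size)
    block_type, length, confidence, raw_uuid = _LAYOUT.unpack_from(buf, offset)
    if block_type != OS_BLOCK_TYPE:
        raise BlockError("unexpected block type %d" % block_type)
    # The declared length drives the cursor to the next block, so a value
    # other than 28 is rejected instead of being trusted.
    if length != OS_BLOCK_LENGTH:
        raise BlockError("declared length %d, expected %d" % (length, OS_BLOCK_LENGTH))
    # Assumption of this example: a percentage above 100 is malformed input.
    if confidence > 100:
        raise BlockError("confidence %d is not a percentage" % confidence)
    return confidence, uuid.UUID(bytes=raw_uuid), offset + length


# Constructed sample data, not a real fingerprint from the Sourcefire database.
SAMPLE_UUID = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")
SAMPLE_BLOCK = _LAYOUT.pack(OS_BLOCK_TYPE, OS_BLOCK_LENGTH, 85, SAMPLE_UUID.bytes)

if __name__ == "__main__":
    conf, fingerprint, next_offset = parse_os_block(SAMPLE_BLOCK)
    print("confidence=%d%% fingerprint=%s next=%d" % (conf, fingerprint, next_offset))
```

The returned fingerprint UUID is only an identifier; resolving it to an operating system name, vendor, and version still requires the lookup in the Sourcefire database described in the table.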