Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Host Data Structures
Chapter 5
Full Host Profile Data Block 5.3+
The Full Host Profile data block for version 5.3+ contains a full set of data
describing one host. It has the format shown in the graphic below and explained
in the following table. Note that, except for List data blocks, the graphic does not
show the fields of the encapsulated data blocks. These encapsulated data blocks
are described separately in
on page 164. The Full Host Profile data block has a block type value of 149.
It supersedes the prior version, which has a block type of 140.
IMPORTANT!
An asterisk (*) next to a block name in the following diagram
indicates that multiple instances of the data block may occur.
The following diagram shows the format of the Full Host Profile data block for
5.3+:
Each row below is one 32-bit word (bytes 0-3, bits 0-31). Cells that share a
row are separated by "|".

Full Host Profile Data Block (149)
Data Block Length
Host ID
Host ID, continued
Host ID, continued
Host ID, continued
IP Addresses:
    List Block Type (11)
    List Block Length
    IP Address Data Blocks (143)*
Hops | Generic List Block Type (31)
Generic List Block Type, continued | Generic List Block Length
OS Derived Fingerprints:
    Generic List Block Length, continued | Operating System Fingerprint Block Type (130)*
    OS Fingerprint Block Type (130)*, continued | Operating System Fingerprint Block Length
    OS Fingerprint Block Length, continued | Operating System Derived Fingerprint Data...
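The leading fields of this layout can be walked with a bounds-checked parser that refuses any nested length pointing outside its enclosing block. The following is an added example, not code from the guide or from Cisco. It assumes big-endian 32-bit type and length fields, lengths that count the 8 header bytes, and a one-byte Hops field as drawn; IP Address block bodies are kept opaque, and `parse_full_host_profile`, `make_block` and `SAMPLE` are hypothetical names.

```python
import struct

FULL_HOST_PROFILE, LIST_BLOCK, IP_ADDRESS_BLOCK = 149, 11, 143
HDR = struct.Struct(">II")  # block type, block length (assumed big-endian uint32)

class ParseError(ValueError):
    pass

def read_header(buf, off, end, expected_type):
    """Read the 8-byte header at off; return (body_start, block_end)."""
    if off + HDR.size > end:
        raise ParseError("truncated header at offset %d" % off)
    btype, blen = HDR.unpack_from(buf, off)
    if btype != expected_type:
        raise ParseError("block type %d, expected %d" % (btype, expected_type))
    # Assumption: the length counts the 8 header bytes plus the body.
    # Rejecting blen < 8 also guarantees the list walk below always advances.
    if blen < HDR.size or off + blen > end:
        raise ParseError("block length %d does not fit enclosing block" % blen)
    return off + HDR.size, off + blen

def parse_full_host_profile(buf):
    """Parse Host ID, the IP Address list and Hops from a type-149 block."""
    off, end = read_header(buf, 0, len(buf), FULL_HOST_PROFILE)
    if off + 16 > end:
        raise ParseError("truncated Host ID")
    host_id = bytes(buf[off:off + 16])
    off, list_end = read_header(buf, off + 16, end, LIST_BLOCK)
    ip_blocks = []
    while off < list_end:  # zero or more IP Address blocks (143)*
        body, nxt = read_header(buf, off, list_end, IP_ADDRESS_BLOCK)
        ip_blocks.append(bytes(buf[body:nxt]))  # body left opaque here
        off = nxt
    if off >= end:
        raise ParseError("missing Hops field")
    return {"host_id": host_id, "ip_blocks": ip_blocks, "hops": buf[off]}

def make_block(btype, body):
    """Build a block for test input (hypothetical helper)."""
    return HDR.pack(btype, HDR.size + len(body)) + body

# Constructed sample: two IP Address blocks with 4-byte dummy bodies, Hops = 3.
_ips = make_block(IP_ADDRESS_BLOCK, b"\x00" * 4) + make_block(IP_ADDRESS_BLOCK, b"\x01" * 4)
SAMPLE = make_block(FULL_HOST_PROFILE, bytes(range(16)) + make_block(LIST_BLOCK, _ips) + b"\x03")

if __name__ == "__main__":
    print(parse_full_host_profile(SAMPLE))
```

A block carrying the superseded type 140 is rejected at the first header check rather than being parsed with the 149 layout.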