Cisco Firepower Management Center 2000 Developer Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Chapter 4: Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The Operating System Fingerprint Data Block Fields table describes the fields of the operating system fingerprint data block.
Operating System Fingerprint Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Operating System Fingerprint Data Block Type | uint32 | Initiates the operating system data block. This value is always 130. |
| Operating System Data Block Length | uint32 | Number of bytes in the Operating System Fingerprint data block, including eight bytes for the Operating System Fingerprint Data Block block type and length, plus the number of bytes in the Operating System Fingerprint data that follows. |
| Fingerprint UUID | uint8[16] | Fingerprint identification number, in octets, that acts as a unique identifier for the operating system. The fingerprint UUID maps to the operating system name, vendor, and version in the vulnerability database (VDB). |
| Fingerprint Type | uint32 | Indicates the type of fingerprint. |
| Fingerprint Source Type | uint32 | Indicates the type (i.e., user or scanner) of the source that supplied the operating system fingerprint. |
| Fingerprint Source ID | uint32 | Identification number that maps to the login name of the user that supplied the operating system fingerprint. |
| Last Seen | uint32 | Indicates when the fingerprint was last seen in traffic. |
| TTL Difference | uint8 | Indicates the difference between the TTL value in the fingerprint and the TTL value seen in the packet used to fingerprint the host. |
| Generic List Block Type | uint32 | Initiates a Generic List data block. This value is always 31. |
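
A defensive parser for the fields in this table, as an added example that is not part of the Cisco/Sourcefire guide. It assumes the fields are packed in table order with no padding and in network byte order; the sample bytes are constructed, and the Generic List contents, which this page does not describe, are returned unparsed.

```python
import struct
import uuid

OS_FINGERPRINT_BLOCK_TYPE = 130  # "always 130" per the table
GENERIC_LIST_BLOCK_TYPE = 31     # "always 31" per the table

# Assumption: fields in table order, no padding, network byte order.
# type, length, UUID, fingerprint type, source type, source ID, last seen,
# TTL difference, Generic List block type = 45 bytes.
FIXED = struct.Struct("!II16sIIIIBI")

def parse_os_fingerprint(buf):
    """Return (fields, rest); rest is the unparsed Generic List remainder."""
    if len(buf) < FIXED.size:
        raise ValueError(f"truncated block: {len(buf)} < {FIXED.size} bytes")
    (btype, blen, fp_uuid, fp_type, src_type, src_id,
     last_seen, ttl_diff, list_type) = FIXED.unpack_from(buf)
    if btype != OS_FINGERPRINT_BLOCK_TYPE:
        raise ValueError(f"unexpected block type {btype}")
    # The length field comes off the wire. It counts the 8 header bytes plus
    # the data, so bound it by the fixed fields and by the buffer before
    # using it to slice.
    if not FIXED.size <= blen <= len(buf):
        raise ValueError(f"block length {blen} outside {FIXED.size}..{len(buf)}")
    if list_type != GENERIC_LIST_BLOCK_TYPE:
        raise ValueError(f"expected Generic List block, got type {list_type}")
    fields = {
        "fingerprint_uuid": uuid.UUID(bytes=fp_uuid),
        "fingerprint_type": fp_type,
        "source_type": src_type,
        "source_id": src_id,
        "last_seen": last_seen,  # raw uint32; the page gives no time unit
        "ttl_difference": ttl_diff,
    }
    return fields, buf[FIXED.size:blen]

# Constructed sample block (all field values are made up for illustration).
SAMPLE = FIXED.pack(130, 45, bytes.fromhex("00112233445566778899aabbccddeeff"),
                    1, 2, 7, 1400000000, 2, 31)

if __name__ == "__main__":
    print(parse_os_fingerprint(SAMPLE))
```
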