Cisco Cisco Firepower Management Center 2000 Guida Dello Sviluppatore
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
281
Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Chapter 4
User Server List Data Block
The User Server List data block contains a list of server data blocks from a user
input event. The User Server List data block has a block type of 77 in the series 1
group of blocks. The following diagram shows the basic structure of a User Server
List data block:
List data block:
IP Address
Range
Specification
Data Blocks
variable
Encapsulated IP Address Range Specification
data blocks up to the maximum number of bytes
in the list block length.
Port
uint16
Port used by the server.
Protocol
uint16
IANA protocol number or Ethertype. This is
handled differently for Transport and Network
layer protocols.
Transport layer protocols are identified by the
Transport layer protocols are identified by the
IANA protocol number. For example:
•
6 — TCP
•
17 — UDP
Network layer protocols are identified by the
decimal form of the IEEE Registration Authority
Ethertype. For example:
•
2048 — IP
User Server Data Block Fields (Continued)
F
IELD
N
UMBER
OF
B
YTES
D
ESCRIPTION
Byte
0
1
2
3
Bit
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
User Server List Data Block Type (77)
User Server List Block Length
Source Type
Source ID
US
er
Server Blocks
Generic List Block Type (31)
Generic List Block Length
User Server Data Block*