Cisco Cisco Firepower Management Center 2000 Guia Do Programador
4-129
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Full Server Information Data Block
The Full Server Information data block conveys information about a server detected on a host, including
the server’s application protocol, vendor, and version, and the list of its associated sub-servers. For each
sub-server, information is included by a Full Sub-Server data block (see
the server’s application protocol, vendor, and version, and the list of its associated sub-servers. For each
sub-server, information is included by a Full Sub-Server data block (see
). The Full Server Information data block has a block type of 106 in the series 1 group of
blocks.
Note
An asterisk(*) next to a series 1 data block name in the following diagram indicates that multiple
instances of the data block may occur.
instances of the data block may occur.
String Block Length
uint32
Number of bytes in the server version String data block,
including eight bytes for the block type and length fields, plus the
number of bytes in the server version.
including eight bytes for the block type and length fields, plus the
number of bytes in the server version.
Server Version
string
Server version.
Last Time Used
uint32
Indicates when the server information was last used in traffic.
Source Type
uint32
Number that maps to the type of data source:
•
0
if the server data was provided by RNA
•
1
if the server data was provided by a user
•
2
if the server data was provided by a third-party scanner
•
3
if the server data was provided by a command line tool
such as
nmimport.pl
or the Host Input API client
Source ID
uint32
Identification number that maps to the source of the server data.
Depending on the source type, this may map to RNA, a user, a
scanner, or a third-party application.
Depending on the source type, this may map to RNA, a user, a
scanner, or a third-party application.
List Block Type
uint32
Initiates a list of Sub-Server data blocks. This value is always
11
.
List Block Length
uint32
Number of bytes in the List data block, including eight bytes for
the list block type and length fields, plus the number of bytes in
the encapsulated Sub-Server data blocks that follow.
the list block type and length fields, plus the number of bytes in
the encapsulated Sub-Server data blocks that follow.
Sub-Server Block
Type
Type
uint32
Initiates the first Sub-Server data block. This data block can be
followed by other Sub-Server data blocks up to the limit defined
in the list block length field.
followed by other Sub-Server data blocks up to the limit defined
in the list block length field.
Sub-Server Block
Length
Length
uint32
Total number of bytes in each Sub-Server data block, including
the eight bytes in the Sub-Server block type and length fields,
plus the number of bytes of data that follows.
the eight bytes in the Sub-Server block type and length fields,
plus the number of bytes of data that follows.
Sub-Server Data
variable
Sub-server data as documented in
Table 4-72
Server Information Data Block Fields (continued)
Field
Data Type
Description