Cisco Firepower Management Center 2000 Programmer's Guide

FireSIGHT eStreamer Integration Guide
 
Appendix B      Understanding Legacy Data Structures 
  Legacy Connection Data Structures
Table B-22 Connection Chunk Data Block Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| Initiator IP Address | uint8[4] | IP address of the host that initiated the connection, in IP address octets. |
| Responder IP Address | uint8[4] | IP address of the host that responded to the initiating host, in IP address octets. |
| Start Time | uint32 | The starting time for the connection chunk. |
| Application ID | uint32 | Application identification number for the application protocol used in the connection. |
| Responder Port | uint16 | The port used by the responder in the connection chunk. |
| Protocol | uint8 | The protocol for the packet containing the user information. |
| Connection Type | uint8 | The type of connection. |
| Source Device IP Address | uint8[4] | IP address of the NetFlow device that detected the connection, in IP address octets. |
| Packets Sent | uint32 | The number of packets sent in the connection chunk. |
| Packets Received | uint32 | The number of packets received in the connection chunk. |
| Bytes Sent | uint32 | The number of bytes sent in the connection chunk. |
| Bytes Received | uint32 | The number of bytes received in the connection chunk. |
| Connections | uint32 | The number of connections made in the connection chunk. |

Connection Statistics Data Block 5.1.1.x
The connection statistics data block is used in connection data messages. Changes to the connection data block between versions 5.1 and 5.1.1 include the addition of new fields to identify associated intrusion events. The connection statistics data block for version 5.1.1.x has a block type of 137. It deprecates block type 126.
For more information on the Connection Statistics Data message, see
The following diagram shows the format of a Connection Statistics data block for 5.1.1:
Byte: 0 | 1 | 2 | 3
Bit:  0 1 2 3 4 5 6 7 | 8 9 10 11 12 13 14 15 | 16 17 18 19 20 21 22 23 | 24 25 26 27 28 29 30 31
Connection Data Block Type (137)
Connection Data Block Length
Device ID
Ingress Zone
Ingress Zone, continued
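
The Connection Chunk fields that Table B-22 lists on this page, decoded in Python as an added example (not code from the Cisco guide). It assumes the fields are packed back to back in table order, in network byte order, and that the block header from the preceding page has already been consumed; the function name, dictionary keys and sample bytes are constructed for illustration.

```python
import ipaddress
import struct

# Field order and widths follow Table B-22 as continued on this page.
# Assumptions (not stated on this page): no padding between fields, integers
# in network byte order, and the block header that precedes these fields has
# already been read by the caller.
_CHUNK = struct.Struct("!4s4sIIHBB4sIIIII")  # 44 bytes in total
_NAMES = (
    "initiator_ip", "responder_ip", "start_time", "application_id",
    "responder_port", "protocol", "connection_type", "source_device_ip",
    "packets_sent", "packets_received", "bytes_sent", "bytes_received",
    "connections",
)
_IP_FIELDS = ("initiator_ip", "responder_ip", "source_device_ip")


def parse_connection_chunk(body: bytes, offset: int = 0) -> dict:
    """Decode the Table B-22 fields starting at `offset` in `body`."""
    available = len(body) - offset
    if offset < 0 or available < _CHUNK.size:
        # Reject short input instead of letting struct read past the record.
        raise ValueError(
            f"truncated connection chunk: need {_CHUNK.size} bytes, "
            f"have {max(available, 0)}"
        )
    record = dict(zip(_NAMES, _CHUNK.unpack_from(body, offset)))
    for name in _IP_FIELDS:
        # uint8[4] octets become dotted-quad strings for log output.
        record[name] = str(ipaddress.IPv4Address(record[name]))
    return record


# Constructed sample: 10.1.1.5 -> 192.0.2.10 port 443, seen by 10.1.1.1.
SAMPLE = bytes.fromhex(
    "0a010105" "c000020a"   # initiator IP, responder IP
    "50000000" "000002a4"   # start time, application ID
    "01bb" "06" "01"        # responder port, protocol, connection type
    "0a010101"              # source device IP
    "0000000c" "0000000a"   # packets sent, packets received
    "00000800" "00004000"   # bytes sent, bytes received
    "00000001"              # connections
)

if __name__ == "__main__":
    print(parse_connection_chunk(SAMPLE))
```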