Cisco Cisco Firepower Management Center 2000 Guia Do Programador

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

277

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

Connection Chunk Data Block for 5.1.1+

The Connection Chunk data block conveys connection data. It stores connection 

log data that aggregates over a five-minute period. The Connection Chunk data 

block has a block type of 136 in the series 1 group of blocks. It supersedes block 

type 119. The following diagram shows the format of the Connection Chunk data 

block:

Byte

0

1

2

3

Bit

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Connection Chunk Block Type (136)

Connection Chunk Block Length

Initiator IP Address

Responder IP Address

Start Time

Application Protocol

Responder Port

Protocol

Connection Type

NetFlow Detector IP Address

Packets Sent

Packets Sent, continued

Packets Received

Packets Received, continued

Bytes Sent

Bytes Sent, continued

Bytes Received

Bytes Received, continued

Connections