Developer Guide for Cisco Firepower Management Center 4000
FireSIGHT eStreamer Integration Guide
Chapter 3 Understanding Intrusion and Correlation Data Structures
Understanding Series 2 Data Blocks
Table 3-32 Access Control Policy Rule ID Metadata Block Fields (continued)

| Field | Data Type | Description |
|---|---|---|
| String Block Length | uint32 | The number of bytes included in the name String data block, including eight bytes for the block type and header fields plus the number of bytes in the Name field. |
| Name | string | The descriptive name of the access control policy rule. |

ICMP Type Data Block
The eStreamer service uses the ICMP Type data block to contain information about ICMP Types. This data block has a record type of 260, and a block type of 19 in series 2.
The following diagram shows the structure of the ICMP Type data block.
The following table describes the fields in the ICMP Type data block.
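Byte         0               1               2               3
Bit          0 ........... 7 8 .......... 15 16 ......... 23 24 ......... 31
            +-------------------------------+-------------------------------+
            | Header Version (1)            | Message Type (4)              |
            +-------------------------------+-------------------------------+
            | Message Length                                                |
            +---------------------------------------------------------------+
            | Record Type (260)                                             |
            +---------------------------------------------------------------+
            | ICMP Type Data Block Type (19)                                |
            +---------------------------------------------------------------+
            | ICMP Type Data Block Length                                   |
            +-------------------------------+-------------------------------+
            | Type                          | Protocol                      |
            +-------------------------------+-------------------------------+
Description | String Block Type (0)                                         |
            +---------------------------------------------------------------+
            | String Block Length                                           |
            +---------------------------------------------------------------+
            | Description...                                                |
            +---------------------------------------------------------------+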
Table 3-33 ICMP Type Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| ICMP Type Data Block Type | uint32 | Initiates an ICMP Type data block. This value is always 19. |
| ICMP Type Data Block Length | uint32 | Total number of bytes in the ICMP Type data block, including eight bytes for the ICMP Type data block type and length fields, plus the number of bytes of data that follows. |
| Type | uint16 | The ICMP type of the event. |
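
The following Python parser is an added example, not code from the Cisco guide: it decodes one ICMP Type data block starting at the block type field and rejects length fields that contradict the received buffer. It assumes big-endian integers, a 16-bit Protocol field, a NUL-padded description, and a string block that ends the data block, as the diagram suggests; the names `parse_icmp_type_block`, `build_sample` and `BlockError` are hypothetical.

```python
import struct

ICMP_TYPE_BLOCK = 19       # block type given on the page (series 2)
STRING_BLOCK = 0           # String Block Type shown in the diagram
HDR = 8                    # block type + block length fields, per the page
FIXED = HDR + 4 + HDR      # block header, Type + Protocol, string block header


class BlockError(ValueError):
    """Raised when a type or length field contradicts the buffer."""


def parse_icmp_type_block(buf: bytes) -> dict:
    """Parse one ICMP Type data block that starts at the block type field.

    Assumptions (not stated on the page): big-endian integers, a 16-bit
    Protocol field, NUL padding on the description string.
    """
    if len(buf) < FIXED:
        raise BlockError("buffer shorter than the fixed fields")
    block_type, block_len, icmp_type, protocol = struct.unpack_from(">IIHH", buf, 0)
    if block_type != ICMP_TYPE_BLOCK:
        raise BlockError(f"unexpected block type {block_type}")
    # Block Length counts its own 8-byte header, so it must cover the fixed
    # fields and must not point past the bytes actually received.
    if not FIXED <= block_len <= len(buf):
        raise BlockError(f"block length {block_len} out of range")
    str_type, str_len = struct.unpack_from(">II", buf, HDR + 4)
    if str_type != STRING_BLOCK:
        raise BlockError(f"unexpected string block type {str_type}")
    # String Block Length also counts its 8-byte header; the string block is
    # assumed to be the last field, so it must end where the data block ends.
    if HDR + 4 + str_len != block_len:
        raise BlockError(f"string block length {str_len} inconsistent")
    raw = buf[FIXED:block_len]
    return {
        "type": icmp_type,
        "protocol": protocol,
        "description": raw.rstrip(b"\x00").decode("utf-8", "replace"),
        "consumed": block_len,
    }


def build_sample(icmp_type: int, protocol: int, text: str) -> bytes:
    """Build a constructed sample block (test data, not a capture)."""
    body = text.encode()
    string_block = struct.pack(">II", STRING_BLOCK, HDR + len(body)) + body
    payload = struct.pack(">HH", icmp_type, protocol) + string_block
    return struct.pack(">II", ICMP_TYPE_BLOCK, HDR + len(payload)) + payload
```
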