Developer Guide for Cisco Firepower Management Center 4000
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the Host MAC Address data block.

Table 4-65 Host MAC Address Data Block Fields

| Field | Data Type | Description |
|---|---|---|
| Host MAC Address Data Block Type | uint32 | Initiates the Host MAC Address data block. This value is always 95. |
| Host MAC Address Data Block Length | uint32 | Number of bytes in the Host MAC Address data block. This value should always be 20: eight bytes for the data block type and length fields, one byte for the TTL value, 6 bytes for the MAC address, one byte for the primary subnet, and four bytes for the last seen value. |
| TTL | uint8 | Indicates the difference between the TTL value in the packet used to fingerprint the host. |
| MAC Address | uint8 [6] | Indicates the MAC address of the host. |
| Primary | uint8 | Indicates the primary subnet of the host. |
| Last Seen | uint32 | Indicates when the host was last seen in traffic. |

Secondary Host Update

The Secondary Host Update data block contains information for a host sent as a secondary host update from a device monitoring a subnet other than that where the host resides. It is used within Change Secondary Update events (event type 1001, subtype 31). The Secondary Host Update data block has a block type of 96 in the series 1 group of blocks.

The following diagram shows the format of a Secondary Host Update data block:
Each row below spans bytes 0-3 (bits 0-31) of the diagram, in order:

| Section | Bytes 0-3 (bits 0-31) |
|---|---|
| | Secondary Host Update Block Type (96) |
| | Secondary Host Update Block Length |
| | IP Address |
| Host MAC Address List | List Block Type (11) |
| Host MAC Address List | List Block Length |
| Host MAC Address List | Host MAC Address Block Type (95) |
| Host MAC Address List | Host MAC Address Block Length |
| Host MAC Address List | Host MAC Address Data Blocks... |
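
A strict parser for the two block layouts described above, as an added example that is not code from the Cisco guide. It assumes network (big-endian) byte order, a four-byte IPv4 address field, and that the outer block and list lengths count their own 8-byte headers the way the Host MAC Address block length does; the function names and the sample message are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# Assumption: eStreamer fields are in network (big-endian) byte order.
HDR = struct.Struct(">II")             # block type, block length
HOST_MAC = struct.Struct(">IIB6sBI")   # type, length, TTL, MAC, primary, last seen

def parse_host_mac(buf, off=0):
    """Parse one Host MAC Address data block (type 95, length 20)."""
    if len(buf) - off < HOST_MAC.size:
        raise ValueError("truncated Host MAC Address block")
    btype, blen, ttl, mac, primary, last_seen = HOST_MAC.unpack_from(buf, off)
    if btype != 95 or blen != HOST_MAC.size:
        raise ValueError(f"unexpected block type/length {btype}/{blen}")
    return {"ttl": ttl, "mac": mac.hex(":"), "primary": primary,
            "last_seen": last_seen}

def parse_secondary_host_update(buf):
    """Parse a Secondary Host Update block (type 96) with its MAC list."""
    if len(buf) < 20:  # two headers plus the 4-byte IP address
        raise ValueError("truncated Secondary Host Update block")
    btype, blen = HDR.unpack_from(buf, 0)
    if btype != 96 or blen != len(buf):
        raise ValueError("bad Secondary Host Update type or length")
    ltype, llen = HDR.unpack_from(buf, 12)
    # Assumption: each length counts its own 8-byte header, as block 95 does.
    if ltype != 11 or llen != blen - 12 or (llen - 8) % HOST_MAC.size:
        raise ValueError("bad Host MAC Address list type or length")
    macs = [parse_host_mac(buf, off)
            for off in range(20, len(buf), HOST_MAC.size)]
    return {"ip": str(IPv4Address(bytes(buf[8:12]))), "macs": macs}

def build_sample():
    """Constructed sample message: one host with one MAC address."""
    mac = HOST_MAC.pack(95, 20, 2, bytes.fromhex("005056aabbcc"), 1, 1700000000)
    body = IPv4Address("192.0.2.10").packed + HDR.pack(11, 8 + len(mac)) + mac
    return HDR.pack(96, 8 + len(body)) + body

if __name__ == "__main__":
    print(parse_secondary_host_update(build_sample()))
```

Rejecting any block whose declared type or length disagrees with the documented layout keeps a malformed or truncated message from being read past its real boundary.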