Developer Guide for Cisco Firepower Management Center 4000
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding Discovery & Connection Data Structures
Chapter 4
Understanding Discovery (Series 1) Blocks
Most discovery and connection events incorporate one or more data blocks from
the series 1 group of data structures. Each series 1 data block type conveys a
particular type of information. The block type number appears in the data block
header which precedes the data in the block. For information on block header
Series 1 Data Block Header
The series 1 data block header, like the series 2 block header, has two 32-bit
integer fields that contain the block’s type number and the block length.
IMPORTANT!
The data block length field contains the number of bytes in the
entire data block, including the eight bytes of the two data block header fields.
For some series 1 block types, the block header is followed immediately by raw
data. In more complex block types, the header may be followed by standard fixed
length fields or by the header of a series 1 primitive block that encapsulates
another series 1 data block or list of blocks.
[Diagram: byte and bit layout (bytes 0-3, bits 0-31) with rows: Discovery Event Header; User Login Information Data Block]
[Diagram: series 1 data block header layout (bytes 0-3 per row) with rows: Data Block Type; Data Block Length]
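A bounds-checked walk over series 1 block headers, added here as an example; it is not code from the guide. It assumes network (big-endian) byte order and a buffer of blocks laid back to back; the function names and the sample block type numbers are constructed for illustration.

```python
import struct

# Two 32-bit integers: block type, then block length.
# Big-endian (network order) is an assumption of this example.
HEADER = struct.Struct(">II")


class BlockError(ValueError):
    """Raised when a block header is inconsistent with the buffer."""


def iter_blocks(buf):
    """Yield (block_type, payload) for each block laid back to back in buf."""
    offset = 0
    while offset < len(buf):
        remaining = len(buf) - offset
        if remaining < HEADER.size:
            raise BlockError(f"truncated header at offset {offset}")
        block_type, block_len = HEADER.unpack_from(buf, offset)
        # The length covers the entire block, including the eight header
        # bytes, so a value below 8 is malformed; 0 would also stall the loop.
        if block_len < HEADER.size:
            raise BlockError(f"length {block_len} at offset {offset} is below 8")
        # Never trust the length field to stay inside the received data.
        if block_len > remaining:
            raise BlockError(f"length {block_len} at offset {offset} overruns buffer")
        yield block_type, buf[offset + HEADER.size:offset + block_len]
        offset += block_len


def build_block(block_type, payload):
    """Serialize one block; the length field includes the 8-byte header."""
    return HEADER.pack(block_type, HEADER.size + len(payload)) + payload


# Constructed sample: type numbers 1 and 2 are placeholders, not real
# series 1 block types from the guide.
SAMPLE = build_block(1, b"\x0a\x00\x00\x01") + build_block(2, b"")

if __name__ == "__main__":
    for block_type, payload in iter_blocks(SAMPLE):
        print(block_type, len(payload) + HEADER.size, payload.hex())
```

A block whose payload is itself a block or list of blocks can be parsed by calling `iter_blocks` again on that payload, which keeps every inner length bounded by its outer block.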