Developer Guide for Cisco Firepower Management Center 4000
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Understanding the eStreamer Application Protocol
Chapter 2
Host Data and Multiple Host Data Message Format
eStreamer responds to host requests by sending host data messages, each with
a full host profile data block. eStreamer sends one host data message for each
host specified in the request. eStreamer uses the type 6 message to respond to
requests for a single host profile, and uses the type 7 message to respond to
requests for multiple hosts. The formats of the type 6 and type 7 messages are
identical; only the message type is different.
Host data messages do not have a record type field. The structure of the
message is communicated by the message type and the data block type of the
full host profile included in the message. Full host profile data blocks are in the
series a group of blocks.
The graphic below shows the format of the host data message and the table that
follows defines the shaded fields:
Host Request Message Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Flags | 32-bit field | • 0x00000001 — Causes the Notes field of the host profile to be populated (with user-defined information about the host stored in the Sourcefire 3D System). • 0x00000002 — Causes the Banner field of the service block to be populated (with the first 256 bytes of the first packet detected for the service). Banners are disabled by default and available only if configured. |
| Start IP Address | uint8[4] | IP address of the host whose data should be returned (if request is for a single host), or the starting address in an IP address range (if request is for multiple hosts). Specify the address in IP address octets. |
| End IP Address | uint8[4] | Ending address in an IP address range (if request is for multiple hosts), or the Start IP Address value (if request is for single host). |
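The following Python sketch is an added example, not code from the guide. It packs and decodes the three host request fields in the table above and checks that a reply's message type (6 or 7) fits the kind of request sent. It assumes the Flags field is in network byte order and does not build the message header or any fields that precede Flags; the function names are hypothetical and the addresses are constructed sample values.

```python
import ipaddress
import struct

# Flag bits listed in the Host Request Message Fields table.
FLAG_NOTES = 0x00000001   # populate the Notes field of the host profile
FLAG_BANNER = 0x00000002  # populate the Banner field of the service block
# Message types of the replies described in this section.
HOST_DATA, MULTIPLE_HOST_DATA = 6, 7


def pack_host_fields(start_ip, end_ip=None, notes=False, banners=False):
    """Return the 12 bytes Flags + Start IP Address + End IP Address.

    Assumption: Flags is big-endian (network byte order). The header and
    any fields that precede Flags in the request are not built here.
    """
    start = ipaddress.IPv4Address(start_ip)
    # Single-host request: End IP Address carries the Start IP Address value.
    end = start if end_ip is None else ipaddress.IPv4Address(end_ip)
    if end < start:
        raise ValueError("End IP Address is lower than Start IP Address")
    flags = (FLAG_NOTES if notes else 0) | (FLAG_BANNER if banners else 0)
    return struct.pack(">I4s4s", flags, start.packed, end.packed)


def unpack_host_fields(buf):
    """Decode the 12 bytes; bits outside the two listed flags are kept as-is."""
    if len(buf) != 12:
        raise ValueError("expected 12 bytes, got %d" % len(buf))
    flags, start, end = struct.unpack(">I4s4s", buf)
    return {
        "notes": bool(flags & FLAG_NOTES),
        "banners": bool(flags & FLAG_BANNER),
        "other_flag_bits": flags & ~(FLAG_NOTES | FLAG_BANNER),
        "start": str(ipaddress.IPv4Address(start)),
        "end": str(ipaddress.IPv4Address(end)),
    }


def reply_type_matches(single_host_request, message_type):
    """True if a reply's message type fits the kind of request that was sent."""
    expected = HOST_DATA if single_host_request else MULTIPLE_HOST_DATA
    return message_type == expected


if __name__ == "__main__":
    # Constructed sample range with both flags set.
    raw = pack_host_fields("192.0.2.10", "192.0.2.20", notes=True, banners=True)
    print(raw.hex(), unpack_host_fields(raw))
```

Because the table on this page is a continuation, the decoder reports any other flag bits instead of rejecting them.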