Cisco Cisco Firepower Management Center 4000 开发者指南
4-133
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the Generic Scan Results data block.
Table 4-74
Generic Scan Result Data Block Fields
Field
Number of
Bytes
Bytes
Description
Generic Scan Results
Data Block Type
Data Block Type
uint32
Initiates a Generic Scan Results data block. This value is always
108
.
Generic Scan Results
Block Length
Block Length
uint32
Total number of bytes in the Generic Scan Results data block,
including eight bytes for the generic scan results block type and
length fields, plus the number of bytes of scan results data that
follows.
including eight bytes for the generic scan results block type and
length fields, plus the number of bytes of scan results data that
follows.
Port
uint16
Port used by the server affected by the vulnerabilities in the
results.
results.
Protocol
uint16
IANA protocol number or Ethertype. This is handled differently
for Transport and Network layer protocols.
for Transport and Network layer protocols.
Transport layer protocols are identified by the IANA protocol
number. For example:
number. For example:
•
6
- TCP
•
17
- UDP
Network layer protocols are identified by the decimal form of the
IEEE Registration Authority Ethertype. For example:
IEEE Registration Authority Ethertype. For example:
•
2048
- IP
String Block Type
uint32
Initiates a String data block that contains the sub-server. This
value is always
value is always
0
.
String Block Length
uint32
Number of bytes in the sub-server String data block, including
eight bytes for the block type and length fields, plus the number
of bytes in the sub-server.
eight bytes for the block type and length fields, plus the number
of bytes in the sub-server.
Scan Result
Sub-Server
Sub-Server
string
Sub-server.
String Block Type
uint32
Initiates a String data block that contains the value. This value is
always
always
0
.
String Block Length
uint32
Number of bytes in the value String data block, including eight
bytes for the block type and length fields, plus the number of bytes
in the value.
bytes for the block type and length fields, plus the number of bytes
in the value.
Scan result value
string
Scan result value.
String Block Type
uint32
Initiates a String data block that contains the sub-server. This
value is always
value is always
0
.
String Block Length
uint32
Number of bytes in the sub-server String data block, including
eight bytes for the block type and length fields, plus the number
of bytes in the sub-server.
eight bytes for the block type and length fields, plus the number
of bytes in the sub-server.
Scan Result
Sub-Server
Sub-Server
string
Sub-server (unformatted).
String Block Type
uint32
Initiates a String data block that contains the value. This value is
always
always
0
.