Cisco Cisco Firepower Management Center 2000 开发者指南
4-85
FireSIGHT eStreamer Integration Guide
Chapter 4 Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
The following table describes the fields of the User Protocol data block.
User Client Application Data Block for 5.1.1+
The User Client Application data block contains information about the source of the client application
data, the identification number for the user who added the data, and the lists of IP address range data
blocks. The payload ID, which was added in Version 5.3.1, specifies the application instance associated
with the record. The User Client Application data block has a block type of 138 in the series 1 group of
blocks. It replaces block type 59.
data, the identification number for the user who added the data, and the lists of IP address range data
blocks. The payload ID, which was added in Version 5.3.1, specifies the application instance associated
with the record. The User Client Application data block has a block type of 138 in the series 1 group of
blocks. It replaces block type 59.
Table 4-46
User Protocol Data Block Fields
Field
Number of
Bytes
Bytes
Description
User Protocol
Block Type
Block Type
uint32
Initiates a User Protocol data block. This value is always
57
.
User Protocol
Block Length
Block Length
uint32
Total number of bytes in the User Protocol data block, including eight
bytes for the user protocol block type and length fields, plus the number
of bytes of user protocol data that follows.
bytes for the user protocol block type and length fields, plus the number
of bytes of user protocol data that follows.
Generic List
Block Type
Block Type
uint32
Initiates a Generic List data block comprising IP Range Specification
data blocks conveying IP address range data. This value is always
data blocks conveying IP address range data. This value is always
31
.
Generic List
Block Length
Block Length
uint32
Number of bytes in the Generic List data block, including the list header
and all encapsulated IP Range Specification data blocks.
and all encapsulated IP Range Specification data blocks.
IP Range
Specification
Data Blocks *
Specification
Data Blocks *
variable
IP Range Specification data blocks containing information about the IP
address ranges for the user input. See
address ranges for the user input. See
for a description of this data block.
Generic List
Block Type
Block Type
uint32
Initiates a Generic List data block comprising MAC Range
Specification data blocks conveying MAC address range data. This
value is always
Specification data blocks conveying MAC address range data. This
value is always
31
.
Generic List
Block Length
Block Length
uint32
Number of bytes in the Generic List data block, including the list header
and all encapsulated MAC Range Specification data blocks.
and all encapsulated MAC Range Specification data blocks.
MAC Range
Specification
Data Blocks *
Specification
Data Blocks *
variable
MAC Range Specification data blocks containing information about the
MAC address ranges for the user input. See
MAC address ranges for the user input. See
for a description of this data block.
Protocol Type
uint8
Indicates the type of the protocol. The protocol can be either
0
, for a
network layer protocol such as IP, or
1
for a transport layer protocol
such as TCP or UDP.
Protocol
uint16
Indicates the protocol for the data contained in the data block.