Cisco Cisco Firepower Management Center 4000 开发者指南

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

338

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

The 

 table describes the fields of the User 

Vulnerability data block.

User Vulnerability Data Block Fields 

User 

Vulnerability 

Block Type

uint32

Initiates a User Vulnerability data block. This 

value is always 124.

User 

Vulnerability 

Block Length

uint32

Number of bytes in the User Vulnerability data 

block, including eight bytes for the user 

vulnerability block type and length fields, plus 

the number of bytes of user vulnerability data 

that follows.

Generic List 

Block Type

uint32

Initiates a Generic List data block comprising IP 

Range Specification data blocks conveying IP 

address range data. This value is always 31.

Generic List 

Block Length

uint32

Number of bytes in the Generic List data block, 

including the list header and all encapsulated IP 

Range Specification data blocks.

IP Range 

Specification 

Data Blocks *

variable

IP address ranges from user input. See 

for a description of this data block.

Port

uint16

Port used by the server affected by the 

vulnerability. For client application 

vulnerabilities, the value is 0.

Protocol

uint16

IANA protocol number or Ethertype for the 

protocol used by the server affected by the 

vulnerability. This is handled differently for 

Transport and Network layer protocols.
Transport layer protocols are identified by the 

IANA protocol number. For example: 

6 — TCP

17 — UDP

Network layer protocols are identified by the 

decimal form of the IEEE Registration Authority 

Ethertype. For example:

2048 — IP

For client application vulnerabilities, the value is 

0

.