Cisco Firepower Management Center 2000 Developer Guide

Sourcefire 3D System eStreamer Integration Guide, Version 5.3
Chapter 4: Understanding Discovery & Connection Data Structures
Host Discovery and Connection Data Blocks
Secondary Host Update Data Block Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| List Block Type | uint32 | Initiates a List data block comprising Host MAC Address data blocks conveying host MAC address data. This value is always 11. |
| List Block Length | uint32 | Number of bytes in the list. This number includes the eight bytes of the list block type and length fields, plus all encapsulated Host MAC Address data blocks. This field is followed by zero or more Host MAC Address data blocks. |
| Host MAC Address Block Type | uint32 | Initiates a Host MAC Address data block describing the secondary host. This value is always 95. |
| Host MAC Address Data Block Length | uint32 | Number of bytes in the Host MAC Address data block. This value should always be 20: eight bytes for the data block type and length fields, one byte for the TTL value, 6 bytes for the MAC address, one byte for the primary subnet, and four bytes for the last seen value. |
| Host MAC Address Data Blocks | string | Information related to MAC addresses of hosts in the update. |

Web Application Data Block for 5.0+

The Web Application data block for 5.0+ has a block type of 123 in the series 1 group of blocks. The data block describes the web application from detected HTTP client requests.

The following diagram shows the format of a Web Application data block in 5.0+.

| Bytes 0-3 (bits 0-31) |
|---|
| Web Application Data Block Type (123) |
| Web Application Data Block Length |
| Application ID |
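
The following Python parser is an added example, not code from the eStreamer guide. It reads the List block of Host MAC Address blocks and the Web Application block described above, rejecting any length field that disagrees with the buffer or with the fixed sizes the page states. Assumptions: fields are in network byte order, the Host MAC Address fields appear in the order the length description lists them, each diagrammed field is 32 bits wide, and all function names and sample bytes are constructed for illustration.

```python
import struct

LIST_TYPE, MAC_TYPE, MAC_LEN, WEBAPP_TYPE = 11, 95, 20, 123
HDR = struct.Struct(">II")           # block type, block length (assumed big-endian)
MAC_BODY = struct.Struct(">B6sBI")   # TTL, MAC, primary, last seen (assumed order)


def read_header(buf, off, want_type):
    """Return the block length after checking type and bounds at offset off."""
    if len(buf) - off < HDR.size:
        raise ValueError("truncated block header")
    btype, blen = HDR.unpack_from(buf, off)
    if btype != want_type:
        raise ValueError(f"expected block type {want_type}, got {btype}")
    if blen < HDR.size or blen > len(buf) - off:
        raise ValueError(f"block length {blen} outside buffer")
    return blen


def parse_mac_list(buf, off=0):
    """Parse a List block (type 11) of Host MAC Address blocks (type 95)."""
    end = off + read_header(buf, off, LIST_TYPE)
    pos, hosts = off + HDR.size, []
    while pos < end:
        blen = read_header(buf[:end], pos, MAC_TYPE)  # must not cross the list end
        if blen != MAC_LEN:
            raise ValueError(f"Host MAC Address block length {blen}, expected 20")
        ttl, mac, primary, last_seen = MAC_BODY.unpack_from(buf, pos + HDR.size)
        hosts.append({"ttl": ttl, "mac": mac.hex(":"), "primary": primary, "last_seen": last_seen})
        pos += blen
    return hosts


def parse_web_app(buf, off=0):
    """Return the Application ID of a Web Application block (type 123)."""
    blen = read_header(buf, off, WEBAPP_TYPE)
    if blen < HDR.size + 4:
        raise ValueError("Web Application block too short for Application ID")
    return struct.unpack_from(">I", buf, off + HDR.size)[0]


# Constructed sample data (not captured traffic); mac_block is a hypothetical helper.
def mac_block(ttl, mac, primary, seen, length=MAC_LEN):
    return HDR.pack(MAC_TYPE, length) + MAC_BODY.pack(ttl, bytes.fromhex(mac), primary, seen)

_blocks = mac_block(64, "005056aabb01", 1, 1700000000) + mac_block(63, "005056aabb02", 0, 1700000100)
SAMPLE_LIST = HDR.pack(LIST_TYPE, HDR.size + len(_blocks)) + _blocks
SAMPLE_WEBAPP = HDR.pack(WEBAPP_TYPE, 12) + struct.pack(">I", 676)
```

Checking every length against both the enclosing block and the fixed size the guide gives keeps a malformed or hostile record from driving reads past the list boundary.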