Cisco Cisco Firepower Management Center 2000 开发者指南

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

341

Understanding Discovery & Connection Data Structures

Host Discovery and Connection Data Blocks

Chapter 4

The 

 table describes the fields of 

the operating system fingerprint data block.

Operating System Fingerprint Data Block Fields 

Operating 

System 

Fingerprint 

Data Block 

Type

uint32

Initiates the operating system data block. This 

value is always 130.

Operating 

System Data 

Block Length

uint32

Number of bytes in the Operating System 

Fingerprint data block, including eight bytes for 

the Operating System Fingerprint Data Block 

block type and length, plus the number of bytes 

in the Operating System Fingerprint data that 

follows.

Fingerprint 

UUID

uint8[16]

Fingerprint identification number, in octets, that 

acts as a unique identifier for the operating 

system. The fingerprint UUID maps to the 

operating system name, vendor, and version in 

the vulnerability database (VDB).

Fingerprint 

Type

uint32

Indicates the type of fingerprint.

Fingerprint 

Source Type

uint32

Indicates the type (i.e., user or scanner) of the 

source that supplied the operating system 

fingerprint.

Fingerprint 

Source ID

uint32

Identification number that maps to the login 

name of the user that supplied the operating 

system fingerprint.

Last Seen

uint32

Indicates when the fingerprint was last seen in 

traffic.

TTL Difference

uint8

Indicates the difference between the TTL value 

in the fingerprint and the TTL value seen in the 

packet used to fingerprint the host.

Generic List 

Block Type

uint32

Initiates a Generic List data block. This value is 

always 31.