Cisco Firepower Management Center 2000 Developer Guide

Version 5.3
Sourcefire 3D System eStreamer Integration Guide
Chapter 2: Understanding the eStreamer Application Protocol
Host Data and Multiple Host Data Message Format
eStreamer responds to host requests by sending host data messages, each with a full host profile data block. eStreamer sends one host data message for each host specified in the request. eStreamer uses the type 6 message to respond to requests for a single host profile, and uses the type 7 message to respond to requests for multiple hosts. The formats of the type 6 and type 7 messages are identical; only the message type is different.
Host data messages do not have a record type field. The structure of the message is communicated by the message type and the data block type of the full host profile included in the message. Full host profile data blocks are in the series 1 group of blocks.
The graphic below shows the format of the host data message and the table that 
follows defines the shaded fields:

Host Request Message Fields (Continued)

| Field | Data Type | Description |
|---|---|---|
| Flags | 32-bit field | 0x00000001: Causes the Notes field of the host profile to be populated (with user-defined information about the host stored in the Sourcefire 3D System). 0x00000002: Causes the Banner field of the service block to be populated (with the first 256 bytes of the first packet detected for the service). Banners are disabled by default and available only if configured. |
| Start IP Address | uint8[4] | IP address of the host whose data should be returned (if request is for a single host), or the starting address in an IP address range (if request is for multiple hosts). Specify the address in IP address octets. |
| End IP Address | uint8[4] | Ending address in an IP address range (if request is for multiple hosts), or the Start IP Address value (if request is for single host). |
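
The Flags, Start IP Address and End IP Address fields from the Host Request Message Fields table, packed and validated, as an added example that is not code from the Sourcefire guide. Network byte order, the function names and the sample addresses are assumptions; the parts of the host request message that precede Flags are not shown on this page and are not modelled.

```python
import ipaddress
import struct

# Flag bits from the Host Request Message Fields table.
FLAG_NOTES = 0x00000001   # populate the Notes field of the host profile
FLAG_BANNER = 0x00000002  # populate the Banner field of the service block
KNOWN_FLAGS = FLAG_NOTES | FLAG_BANNER

# Assumption: network byte order. Layout: Flags, Start IP Address, End IP Address.
_TAIL = struct.Struct("!I4s4s")


def pack_host_request_tail(start, end=None, notes=False, banner=False):
    """Encode the three fields for one host (end omitted) or an address range."""
    first = ipaddress.IPv4Address(start)
    last = first if end is None else ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("End IP Address precedes Start IP Address")
    flags = (FLAG_NOTES if notes else 0) | (FLAG_BANNER if banner else 0)
    return _TAIL.pack(flags, first.packed, last.packed)


def parse_host_request_tail(data):
    """Decode and validate the 12-byte field group; raise ValueError if malformed."""
    if len(data) != _TAIL.size:
        raise ValueError(f"expected {_TAIL.size} bytes, got {len(data)}")
    flags, raw_start, raw_end = _TAIL.unpack(data)
    unknown = flags & ~KNOWN_FLAGS
    if unknown:  # strict choice for this example: only the two listed bits pass
        raise ValueError(f"flag bits not listed in the table: {unknown:#010x}")
    first = ipaddress.IPv4Address(raw_start)
    last = ipaddress.IPv4Address(raw_end)
    if last < first:
        raise ValueError("End IP Address precedes Start IP Address")
    return {
        "notes": bool(flags & FLAG_NOTES),
        "banner": bool(flags & FLAG_BANNER),
        "start": str(first),
        "end": str(last),
        "single_host": first == last,  # End equals Start for a single-host request
        "host_count": int(last) - int(first) + 1,
    }


if __name__ == "__main__":
    # Constructed sample: a 256-address range with service banners requested.
    sample = pack_host_request_tail("192.0.2.0", "192.0.2.255", banner=True)
    print(sample.hex(), parse_host_request_tail(sample))
```

The `host_count` value is useful for reviewing how much host profile data a client is asking for, since eStreamer sends one host data message per host in the request.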