Summary
In this chapter, we discussed the different stream inspectors. The stream inspectors are a set of modules that perform critical and fundamental functions in an IDS/IPS, such as flow tracking, IP defragmentation, and TCP reassembly. The stream inspectors included stream_tcp, stream_ip, stream_udp, and stream_icmp. We discussed the role and functionality of each of these inspector modules, looked at the configuration parameters relevant to them, and finally discussed the alerts that they generate. With this understanding of the stream inspectors, their role, and their importance to IDS/IPS functionality, you should be able to tune the stream inspector configuration to the needs of your environment.
In the next chapter, we will learn about the HTTP inspector in Snort 3.