Inspectors
Snort 3 performs in-depth analysis for a wide range of network protocols. It analyzes traffic as Protocol Data Units (PDUs) rather than as packets. This protocol analysis logic is implemented as pluggable modules called inspectors.
Inspectors are the backbone of Snort 3 and play a pivotal role in how it functions. From a functionality standpoint, inspectors are comparable to the preprocessors in Snort 2. In other words, inspectors may be considered the successor of the preprocessor.
Snort 3 has a modular architecture, and each inspector is implemented as a plugin. Before we delve into the various modules implemented as inspectors, we should discuss inspectors in general. In this chapter, we’re going to cover the following main topics:
- The role of inspectors
- Types of inspectors
- Snort 3 inspectors