8

Inspectors

Snort 3 performs in-depth analysis for a wide range of network protocols. It analyzes traffic as Protocol Data Units (PDUs) rather than packets. This protocol analysis logic is implemented as pluggable modules called inspectors.

Inspectors, as the backbone of Snort 3, play a pivotal role in its functioning. From a functionality standpoint, inspectors are comparable to the preprocessors in Snort 2. In other words, inspectors may be considered the successors of the preprocessors.

Snort 3 has a modular architecture, and each inspector is implemented as a plugin. Before we delve into the various modules implemented as inspectors, we should discuss inspectors in general. In this chapter, we’re going to cover the following ...
