Snort 3 inspectors
In this section, we will look at the specific inspectors that are grouped under the three categories. Let's use Snort's --show-plugins command-line option to list the available inspectors:
./build/src/snort --show-plugins
The above command prints out all the available plugins grouped by types such as Codecs, Inspectors, Search Engine, etc. We find the list of inspectors under the section called Inspectors as shown in the following image:
Figure 8.1 – The list of inspectors (as printed using the --show-plugins option)
Another useful command lists all the inspectors along with a short description of what each inspector does (the entire output of the command is not shown here for brevity):
./build/src/snort --help-plugins | grep inspector
inspector::appid: application and service identification
inspector::arp_spoof: detect ARP attacks and anomalies
inspector::back_orifice:...