A set of miscellaneous network inspectors for packet analysis, performance
monitoring, policy binding, etc.  They are grouped here as they operate and
the network and/or IP protocol layer.

The collection includes:

binder - The flow to config mapping (policy selection)

arp_spoof - Monitor ARP requests/replies for consistency.  Locate spoofing
attempts and ARP cache inconsistancies

port_scan - A tool to attempt to locate IP port scanning activity.

perf_monitor - Although not strictly a network inspector, this module
monitors Snort++ performance criteria.  Implemented as a network_inspector
as it processes each valid packet.

normalize - A collection of IP/ICMP/TCP and potentially UDP frame level
normalizations.

packet_capture - A tool for dumping the wire packets that Snort receives.

snort_ml - Machine learning based exploit detector capable of detecting novel
attacks fitting known vulnerability types. SnortML uses a neural network
provided by a model file to detect exploit patterns. The SnortML module
subscribes to HTTP events published by the HTTP inspector, performs inference
on HTTP queries/posts, and generates events if the neural network detects
an exploit.

This entire set of inspectors is instantiated as a group via
network_inspectors.cc

