This is the section everyone wants. (Well since only 3 out of 60 people left the room when Marty started talking about it in the Snort BOF, I will assume everyone wants it.) Plugins are the easy way to making snort do more. They allow individuals to add complex detection capabilities to the detection engine, do odd things with incoming packets, and even stranger things with the alert output. (Is anyone planning on writing an output plugin that drives the audio synth?) They can be written in any language that is capable of producing linkable object code (come on you Fortran junkies, lets see some plugins). And best of all, they are not too complicated to write. In the following sections I will go over the various required parts of a plugin and what must be done to incorporate it into snort. If possible, I will develop an actual plugin while explaining it.