How to use this site:First read the two introductions - "UDP Example (Intro, part 1)" and "TCP Example (Intro, part 2)" - in that order. This documentation shows how Snort++ processes UDP and TCP sessions. Next, look at the "Snort++ packet viewer" tool. The packet viewer runs Snort++ in the background to generate debugging information that helps show what Snort++ does with each packet in a TCP session. The packet viewer shows the pseudo packets that are generated as well as which Inspectors and MPSEs are invoked for each packet, real and pseudo. (The amount of debugging will increase in the future.)
The other links go into more detail.
A note about the Snort++ version:The packet viewer uses a modified version of Snort++ version 3.0.0 (Build 239) from 2.9.8-383 to generate its debugging information. In the future, the lag between the version that the packet viewer uses and the current version of Snort++ should decrease. (That being said, I think that a security analyst should have a choice. He/she should be able to either compile and use Snort++ as a normal desktop application that - after uploading a PCAP file - produces extensive debugging information in a manner that is easy for an analyst to understand, as the packet viewer attempts to do, or to compile and use Snort++ as a daemon/service on a server - which is currently the only option. Hopefully, one day, this will be the case.)