[Bro] using Bro as traffic analyzer.

readon shaw xydarcher at 163.com
Sat Dec 3 23:09:54 PST 2011

I was searching for a long time to find a framework that can support fast & custom network traffic analysis.
Some specific features of the traffic data from a monitor, such as the interval between SYN and SYN-ACK, should be extracted and grouped by host.
I find Bro is so widely used, and it seems it can fulfill the requirement.
Can I disable other functions embedded in Bro, and add a plugin myself?
What is the way to achieve this: modify the core .cpp source file or add a .bro file?
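For the SYN / SYN-ACK interval asked about above, a script alone is enough; the following is an added example (not from the post or from the Bro project) that measures the delay per handshake and keeps a per-responder-host running total, assuming Bro 2.x script syntax and the stock `tcp_packet` event.

```bro
# Added example: passively measure the SYN -> SYN-ACK interval and group it by
# responder host, using a .bro script only (no change to the C++ core).
module SynDelay;

export {
    redef enum Log::ID += { LOG };

    type Info: record {
        ts:     time     &log;   # time the SYN-ACK was seen
        uid:    string   &log;
        orig_h: addr     &log;
        resp_h: addr     &log;
        resp_p: port     &log;
        delay:  interval &log;   # SYN-ACK time minus SYN time
    };
}

# Time of the originator's first SYN, keyed by connection uid.
global syn_seen: table[string] of time &write_expire = 60 sec;

# Per-responder-host aggregates (count and summed delay).
global per_host_count: table[addr] of count &default = 0;
global per_host_sum:   table[addr] of interval &default = 0 sec;

event bro_init()
    {
    Log::create_stream(LOG, [$columns=Info]);
    }

# tcp_packet fires for every TCP packet once a handler exists; flags is a
# string with one character per set flag, e.g. "S" for SYN, "SA" for SYN-ACK.
event tcp_packet(c: connection, is_orig: bool, flags: string, seq: count,
                 ack: count, len: count, payload: string)
    {
    if ( "S" !in flags )
        return;

    if ( is_orig && "A" !in flags )
        {
        # Keep only the first SYN so retransmissions do not move the start.
        if ( c$uid !in syn_seen )
            syn_seen[c$uid] = network_time();
        return;
        }

    if ( ! is_orig && "A" in flags && c$uid in syn_seen )
        {
        local d = network_time() - syn_seen[c$uid];
        delete syn_seen[c$uid];
        per_host_count[c$id$resp_h] = per_host_count[c$id$resp_h] + 1;
        per_host_sum[c$id$resp_h] = per_host_sum[c$id$resp_h] + d;
        Log::write(LOG, [$ts=network_time(), $uid=c$uid, $orig_h=c$id$orig_h,
                         $resp_h=c$id$resp_h, $resp_p=c$id$resp_p, $delay=d]);
        }
    }

event bro_done()
    {
    for ( h in per_host_count )
        print fmt("%s: %d handshakes, total SYN->SYN-ACK delay %s",
                  h, per_host_count[h], per_host_sum[h]);
    }
```

Handling `tcp_packet` costs one event per TCP packet, so expect noticeable overhead on a busy link; the SYN-only `connection_SYN_packet` event is the cheaper place to hook once the logic is settled.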

