> Anyhow, what I really want to know is to do some ID attack ananlsys using Bro. > If you have experienced such things with Bro, please let me know. > I get some tcpdump raw file, but it is not easy to handle Bro for offline > test. I'll gladly try to help once I figure out my nagging issues. Hopefully that will be before Tuesday. john