[Bro] flow-level analysis code

Vern Paxson vern at icir.org
Fri Dec 17 11:46:34 PST 2004


> I am very interested, but it seems that it is somewhat outside the scope
> of Bro as a classic NIDS. Reading netflow will make no sense (for Bro)
> since there are no packet contents.

Actually, I think it does make sense.  Bro can do a fair amount of analysis
based on TCP SYN/FIN/RST packets and UDP request/replies without seeing
packet contents.  For example, its scan detection is driven off of this
level of information.

		Vern
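To illustrate the point Vern makes above, that scan detection needs only SYN/FIN/RST and UDP request/reply information, here is an added example (written for this page; it is not code from the original post and not Bro's own scan.bro) that runs the same kind of logic over NetFlow-style records. It assumes unidirectional flow records with a cumulative `tcp_flags` field as in NetFlow v5; the addresses, ports and thresholds are constructed for the demonstration.

```python
"""Flow-level scan detection over NetFlow-style records (constructed example)."""
from collections import defaultdict
from dataclasses import dataclass

# TCP flag bits as carried in a NetFlow v5 tcp_flags field (OR of all flags seen in the flow).
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str      # "tcp" or "udp"
    tcp_flags: int  # 0 for UDP
    packets: int


def failed_attempts(flows):
    """Yield flows that look like unanswered connection attempts.

    TCP: SYN seen but never an ACK, i.e. the handshake never completed
    (a bare SYN, or a SYN the target answered with RST in the reverse flow).
    UDP: a request flow with no flow recorded in the reverse direction.
    Neither test needs payload; both use only fields a flow record carries.
    """
    seen = {(f.src, f.sport, f.dst, f.dport, f.proto) for f in flows}
    for f in flows:
        if f.proto == "tcp":
            if f.tcp_flags & SYN and not f.tcp_flags & ACK:
                yield f
        elif f.proto == "udp":
            if (f.dst, f.dport, f.src, f.sport, "udp") not in seen:
                yield f


def address_scans(flows, threshold):
    """Sources whose failed attempts touched at least `threshold` distinct hosts."""
    hosts = defaultdict(set)
    for f in failed_attempts(flows):
        hosts[f.src].add(f.dst)
    return {src: sorted(d) for src, d in hosts.items() if len(d) >= threshold}


def port_scans(flows, threshold):
    """(src, dst) pairs whose failed attempts touched at least `threshold` distinct ports."""
    ports = defaultdict(set)
    for f in failed_attempts(flows):
        ports[(f.src, f.dst)].add(f.dport)
    return {k: sorted(p) for k, p in ports.items() if len(p) >= threshold}


# Constructed flow records (not captured traffic).
SAMPLE_FLOWS = [
    # Legitimate SSH session: handshake completed, so SYN, ACK and FIN are all set.
    Flow("10.0.0.7", 50001, "192.168.1.1", 22, "tcp", SYN | ACK | FIN, 40),
    # Address sweep: one source sends bare SYNs to six hosts on port 22, never sees an ACK.
    *[Flow("10.0.0.5", 40000 + i, f"192.168.1.{i}", 22, "tcp", SYN, 1) for i in range(1, 7)],
    # Port sweep: one source, one target, five ports; the target answers each SYN with RST|ACK.
    *[Flow("10.0.0.9", 41000 + p, "192.168.1.10", p, "tcp", SYN, 1) for p in (21, 22, 23, 25, 80)],
    *[Flow("192.168.1.10", p, "10.0.0.9", 41000 + p, "tcp", RST | ACK, 1) for p in (21, 22, 23, 25, 80)],
    # Answered DNS query: request and reply flows are both present, so it is not a failure.
    Flow("10.0.0.11", 53001, "192.168.1.20", 53, "udp", 0, 1),
    Flow("192.168.1.20", 53, "10.0.0.11", 53001, "udp", 0, 1),
    # Unanswered SNMP probes to five hosts: UDP requests with no reverse flow.
    *[Flow("10.0.0.12", 42000 + i, f"192.168.1.{30 + i}", 161, "udp", 0, 1) for i in range(5)],
]

if __name__ == "__main__":
    print("address scans:", address_scans(SAMPLE_FLOWS, threshold=5))
    print("port scans:", port_scans(SAMPLE_FLOWS, threshold=5))
```

The target's RST|ACK flows carry no SYN bit, so they are never counted as attempts; only the initiator's unanswered SYNs and the unanswered UDP requests drive the verdict, which is exactly the kind of information a flow record preserves after the payload is gone.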


