> Can Bro capture SIP and RTP traffic irrespective of > port the streams they use? No. For one, Bro doesn't have RTP or SIP analyzers. In addition, it doesn't have the capability to analyze applications that are not running on known ports, though addressing this is on the to-do list and I believe some students are gearing up to tackle it. Vern