[Bro] ConnCompressor, TCP options

[James Swaro]

I am developing a module for offline analysis of bulk traces to detect
and categorize TCP behavior when a retransmission takes place. I was
browsing through ConnCompressor.cc when I read the heading at the top of
the file.

Why is initial packet faked and not passed as originally observed? Is it
something specific about the use of Bro as an IDS?

Can you disable the use of the compressor? If so, how ?

Thanks!

-- 
-James Swaro
-Graduate Student
-Ohio University