a odd problem

    I encounter a odd problem when i run *bro* today.

    # ./bro my -w /home/zw/bro09171617.dump

Flags need to come before policy scripts. It's interpreting "-w" and
"/home/zw/bro09171617.dump" as scripts to interpret. I would've expected
it to stop by saying "error: can't open -w" (that's what it does for me),
unless you happen to have a file "-w" in your Bro searchpath. Do you
have such a file? Can you send me the tcpdump trace file, so I can see
if I can reproduce this?


Hi Vern,
    I ran the following command,not set "-w" switch,and still generated the output.
    So I feel very confused.
    [cliff@oradata bro-pub-0.9a3]$ ./bro mt -i eth0
    input in flex scanner failed
   [cliff@oradata bro-pub-0.9a3]$ ./bro -i eth0 mt
   input in flex scanner failed

mt.bro is as follwoing:
# $Id: mt.bro,v 2004/04/30 00:31:28 jason Exp $

@load log
@load dns-lookup
@load hot
@load frag
@load tcp
@load scan
@load weird
@load finger
@load ident
@load ftp
@load login
@load portmapper
@load ntp
@load tftp