Dear Prof.
1.I have read some source code of Bro. And confused about the state diagram (or called event sequence diagram). Would you do me a favour , send the state diagram to me. It will help me to understand the Bro'work.
2.How the functions and events difined in *.bro , are been used in *.cc . Is there some function like: call_event ( event bro_event, ... ) , call_function ( function bro_function, ...) .
3.There is some table defined like this : global active_conn: table[conn_id] of connection;
...
active_conn[c$id] = c; //???But the type of c$id is not a int.How large
//the active_conn is? ...
4.When I invoke Bro : ./bro -i eth0 stepping.bro, it does not print the information about stepping stone until the link is terminated. Is there some way to report the stepping stone when the stepping stone is active( real time).
So much question, 
Excuse for my poor english.Maybee I did not put my puestion well.
Looking forward for your help.
Have a nice day.
Cloud