I know that bro runs on almost all the OSs like
OpenBSD/Linux/Sloaris etc.But from your experience, on which OS does bro run/execute
fastest ? i mean the time taken considering the whole system including
bro and libpcap..It is just to get an opinion regarding the matter.
It will surely depend on the fact that on some OSs libpcap executes
faster and so one but could you give a general observation ...
I run it just under FreeBSD. I would expect that it runs *much* better
on systems that have kernel packet filters that libpcap knows how to take
advantage of, which pretty much means BPF systems like *BSD.
Vern