My puzzles mainly lie in the state management of Bro.
I have noticed that there is C++ code for the implementation of DFA and NFA.
Nevertheless, I could not find where it is invoked.
So I was wondering if anyone could tell me where I can find the use of the state machine.
In addition, I also want to know how Bro transfers a low-level pcap file into high-level events.
I have read some information about that for protocols based on TCP or UDP
and am aware that they are implemented by means of the binpac tool.
But I still want to know how lower-level protocols such as IP or TCP
can transfer pcap packets into Bro events.