Anyway, I will try to follow Vern's advice.
If you get some other brilliant idea, please let me know!
> Anyhow, what I really want to know is to do some ID attack ananlsys
> If you have experienced such things with Bro, please let me know.
> I get some tcpdump raw file, but it is not easy to handle Bro for
I'll gladly try to help once I figure out my nagging issues. Hopefully