I worked up a set of notes to share with Tritium Cat as a result of this thread:
http://mailman.icsi.berkeley.edu/pipermail/bro/2012-July/005676.html
I've decided to share those notes to benefit the community. My notes
are giant brain dump in an html file that I put together very quickly.
My apologies for the terrible formatting. I posted a copy at:
http://ec2-50-19-133-29.compute-1.amazonaws.com/
Please contact me off list if you'd like you're own copy.
-Chris