Aashish: not quite what I'm looking for, but I do appreciate the link!
I would be looking for something with higher resolution (usec / msec)
that doesn't stop bro when the timer fires.
Vern: yeah, that's still the case as far as I know.
Thanks all!
-Gilbert
On 9/27/2014 3:43 PM, Vern Paxson
For performance concerns, it's not clear that individual packets are the
right granularity to examine. For example, if you stop processing one
packet you might be giving up on any subsequent analysis for the remainder
of its flow, which can have a large amplifying effect (or not) depending
on the
