I would like to know if there is a way I can log only successful tcp connections. I'm only interested in successful (established) connections, and not just syn "connection attempts". I guess what I need is a way to log a single packet if it caused a state transition from NEW to ESTABLISHED. It would also be helpful to log the packet that terminated the connection (state change from established). In this manner, we could easily tell what connections were made, and their duration (and not rely on the userland application to log this info). I've looked into using the state matching, but couldn't achieve this specific functionality with that. Is there some trivial way to accomplish this I am overlooking? Thanks, Chris
