Le jeudi 21 avril 2005 à 09:38 -0700, christopher.f.ulherr@xxxxxxxxxxxxxx a écrit : > I would like to know if there is a way I can log only successful tcp > connections. I'm only interested in successful (established) > connections, and not just syn "connection attempts". I guess what I need > is a way to log a single packet if it caused a state transition from NEW > to ESTABLISHED. It would also be helpful to log the packet that > terminated the connection (state change from established). Have a look at : http://regit.free.fr/nufw/content.php?article.11 We used this in the NuFW project(http://www.nufw.org) to track the state of connections. > In this > manner, we could easily tell what connections were made, and their > duration (and not rely on the userland application to log this info). > > I've looked into using the state matching, but couldn't achieve this > specific functionality with that. > > > Is there some trivial way to accomplish this I am overlooking? > > > Thanks, > Chris >
