A note on using netlog-1.2 in regards to the CA-95:01 advisory. The current version will *NOT* see any packets that have IP options in them. This includes source routed packets. You should disable forwarding source routed packets at your router to reduce the likelyhood that netlog will miss connections. Also, this is the command you probably want (two examples): Keep log of all TCP connections and postprocess: ./tcplogger -b -f outputfile& ./extract -e 'srcnet=100.100.0.0 && dstnet=100.100.0.0{print}' -d outputfile (Of course, you should change 100.100.0.0 to be your IP network). Log only those packets of interest: ./tcplogger -b | ./extract -Ue 'srcnet=100.100.0.0 && dstnet=100.100.0.0 {print}' -d - dls