*** trace.c.orig Tue Jul 23 21:33:18 2002
--- trace.c Wed Mar 12 15:02:32 2003
***************
*** 652,657 ****
--- 652,662 ----
if (!run_continuously) {
/* check for NEW connection on these same endpoints */
/* 1) At least 4 minutes idle time */
+ /* REMOVED that rule since idle connections were getting
+ strangely split and I was missing important data when
+ relying on tcptrace to split TCP connections. If I
+ get memory issues I'll know to trim down the capture
+ file before splitting. -- Steve Bonds. Mar 12 2003 */
/* OR */
/* 2) heuristic (we might miss some) either: */
/* this packet has a SYN */
***************
*** 681,689 ****
SEQ_LESSTHAN(ntohl(ptcp->th_seq),thisdir->syn));
}
! if (/* rule 1 */
! (elapsed(ptp->last_time,current_time)/1000000 > (4*60))
! || /* rule 2 */
((SYN_SET(ptcp)) &&
(((thisdir->fin_count >= 1) ||
(otherdir->fin_count >= 1)) ||
--- 686,693 ----
SEQ_LESSTHAN(ntohl(ptcp->th_seq),thisdir->syn));
}
! if (/* rule 1 REMOVED */
! /* rule 2 */
((SYN_SET(ptcp)) &&
(((thisdir->fin_count >= 1) ||
(otherdir->fin_count >= 1)) ||
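Review bot: Deleting rule 1 outright in the second hunk leaves the SYN heuristic as the only thing that separates a later connection on the same endpoints from an earlier one, and the nearby comment itself says that heuristic "might miss some". If the capture lacks the new connection's SYN, its packets would presumably be folded into the old connection's record with nothing to show that two sessions were merged, which matters when the output is used to attribute traffic. Consider keeping the idle test behind a setting instead of removing it, e.g. `(idle_split_secs > 0 && elapsed(ptp->last_time,current_time)/1000000 > idle_split_secs) ||`, where `idle_split_secs` is a placeholder name for a new tunable and 0 disables the rule. The comment list in the first hunk still reads "1) ... OR 2) ...", so it should state plainly that only rule 2 is evaluated. The `if` condition continues past the end of the hunk, so the balance of the remaining parentheses could not be checked here.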