Sniffing with a prog like wireshark, tcpdump, snoop can give huge files to dig in too, not to talk about the space you'd need. I would recommend not going in tcp-flag level debugging unless you are troubleshooting.

What you can do is simply use a firewall. Most nix-base firewalls have nice logging, aside of a proxy and snort IDS, and they log the time sessions have been open, etc, etc ... What more do you need ?

I'd recommend Smoothwall or Astaro from personal experience.

Greetz.