We're getting a ton of informational packets (tcp build / teardown) from firewalls here. I can kill this at the source (drop to "notification" level, filter out the build / teardown events, etc.) but would rather not throw this stuff away (good clue...