diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc
index db9774cfd5..32b3790c59 100644
--- a/src/analyzer/protocol/tcp/TCP.cc
+++ b/src/analyzer/protocol/tcp/TCP.cc
@@ -761,6 +761,17 @@ void TCP_Analyzer::UpdateInactiveState(double t,
 // consider the ack as forming a partial
 // connection.
 ;
+
+ else if ( flags.ACK() && peer->state == TCP_ENDPOINT_ESTABLISHED )
+ {
+ // No SYN packet from originator but SYN/ACK from
+ // responder, and now a pure ACK. Problably means we
+ // just missed that initial SYN. Let's not treat it
+ // as partial and instead establish the connection.
+ endpoint->SetState(TCP_ENDPOINT_ESTABLISHED);
+ is_partial = 0;
+ }
+
 else
 {
 endpoint->SetState(TCP_ENDPOINT_PARTIAL);
diff --git a/testing/btest/Baseline/core.history-flip/conn.log b/testing/btest/Baseline/core.history-flip/conn.log
index 5cf5aa4ba5..30564b074f 100644
--- a/testing/btest/Baseline/core.history-flip/conn.log
+++ b/testing/btest/Baseline/core.history-flip/conn.log
@@ -3,8 +3,8 @@
 #empty_field (empty)
 #unset_field -
 #path conn
-#open 2016-07-08-21-54-45
+#open 2016-07-12-00-18-19
 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
 #types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
-1128727435.633408 CXWv6p3arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp - 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 (empty)
-#close 2016-07-08-21-54-45
+1128727435.633408 CXWv6p3arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 (empty)
+#close 2016-07-12-00-18-19
diff --git a/testing/btest/Baseline/core.tcp.missing-syn/conn.log b/testing/btest/Baseline/core.tcp.missing-syn/conn.log
new file mode 100644
index 0000000000..839243af43
--- /dev/null
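Review bot: The new `else if` is only reachable if the branch above it (its condition starts above the hunk, inside UpdateInactiveState) does not already match `peer->state == TCP_ENDPOINT_ESTABLISHED`; if that earlier condition covers an established peer, the added arm is dead code and the baseline change would be coming from somewhere else, so this is worth confirming against the lines just before 761. The comment describes a "pure ACK", but the guard only tests `flags.ACK()`; unless the enclosing if/else chain has already excluded SYN, FIN and RST segments, a FIN/ACK or RST/ACK seen first would also be promoted to ESTABLISHED and have `is_partial` cleared, so either the comment should say that or the guard should state it, e.g. `else if ( flags.ACK() && ! flags.SYN() && ! flags.FIN() && ! flags.RST() && peer->state == TCP_ENDPOINT_ESTABLISHED )`. The comment also has a typo: "Problably" should read "Probably". Since this path now marks the originator as established on evidence from the responder side alone, a short comment noting that any logic keyed on `is_partial` will treat a flow whose start was never captured as a full connection (which is what the new missing-syn test exercises) would help the next reader.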
+++ b/testing/btest/Baseline/core.tcp.missing-syn/conn.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path conn
+#open 2016-07-12-00-09-49
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
+#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
+1128727435.633408 CXWv6p3arKYeMETxOg 141.42.64.125 56730 125.190.109.199 80 tcp http 1.550793 98 9417 SF - - 0 ^hADdFaf 11 670 10 9945 (empty)
+#close 2016-07-12-00-09-49
diff --git a/testing/btest/core/tcp/missing-syn.bro b/testing/btest/core/tcp/missing-syn.bro
new file mode 100644
index 0000000000..f34767eee8
--- /dev/null
+++ b/testing/btest/core/tcp/missing-syn.bro
@@ -0,0 +1,2 @@
+# @TEST-EXEC: bro -C -r $TRACES/tcp/missing-syn.pcap %INPUT
+# @TEST-EXEC: btest-diff conn.log