Any quick hints on how to match misc TCP header fields such as the window size? This new "worm" out there that sends portscans from spoofed IP addresses setting window size to 55808 is pretty interesting. I've captured some interesting traffic with that window size using tcpdump. How to do the same using netfilter? Quick search on the manpage didn't reveal anything related. Same result with a quick google query. Elver
