> Any quick hints on how to match misc TCP header fields such as the window > size? This new "worm" out there that sends portscans from spoofed IP > addresses setting window size to 55808 is pretty interesting. Funny that you mention it, out of the blue and curiosity I once made a tcp window match, but never told anyone as that kind of match seemed useless. > some interesting traffic with that window size using tcpdump. How to do the > same using netfilter? Quick search on the manpage didn't reveal anything > related. Same result with a quick google query. If you are interested I will look for it on my hdd. Regards, Maciej
