Patches to provide full TCP flag-logging capabilities exist for the ipchains firewall code in the 2.2.x Linux kernel series. For examples, see the Linux-Kernel Archive from 12/01/2000 to 12/07/2000, available at Within this archive is a thread entitled “[PATCH] ipchains log will show all flags”, which contains a source code diff against linux-2.2.x/net/ipv4/ip_fw.c.

The best place for information on the vagaries of TCP is straight from the horse's mouth in RFC 793, Transmission Control Protocol,

For a sample psad e-mail alert, see Listing 4 at

Items on the to-do list for psad include ipfilter support on *BSD platforms, a rewrite of significant psad components in C for better performance, ICMP support, better signature specification to include more fields of the IP/UDP/TCP headers, and integration with Bastille Linux (see