the initial SYN


initial sequence number (ISN)
needs to be tracked to verify subsequent packets
should not be guessable
protection from blind attacks
remember the BGP RST attack 2004

maximum segment size (MSS)
max payload, MTU minus headers
only in the SYN, needs to be stored

selected acknowledgement support (SACK)
only in SYN, needs to be stored

window scaling (WSCALE)
only in SYN, needs to be stored