TCP packet filter based on TCP sequence
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html
Moving on to the TCP header
Let's say I'd like to look at bytes 4-7 of the TCP header (the TCP sequence number)...
The final expression (check for TCP, check for unfragmented packet or first fragment, and jump over the IP header, checking that bytes 4-7 of the TCP header are equal to 41) is:
iptables -m u32 --u32 "6&0xFF=0x6 && 4&0x1FFF=0 && 0>>22&0x3C@4=0x29"