There are other analyses that can be performed if you have a tcpdump
(NOT etherfind) output log of the headers from an attack.
It's well worth a few tens of megabytes...
CERT and some of the people working on the SYN attacks can help if
you have such traces.
Avi