TCP normalization is a feature used on ASA firewalls to drop TCP packets that do not appear to be normal. Yes if you captured packets with a sniffer you should be able to see the TCP settings but then again you would need to know what you were looking at and what was "normal".
What you are doing with TCP normalisation is looking at certain options etc. within the TCP packet and deciding whether these are acceptable or not.
See this link for more details of what you can do with TCP normalisation on the ASA and also what options etc. you would be looking at -
http://www.ccie1.com/?p=21
Jon