Skip to content

Packet Filtering vs. Packet Instpecting Firewalls


Packet Filtering firewalls watch the following fields in an IP datagram it receives:

Using these fields, the packet filtering firewall can either permit or drop the packet in either direction. Routers with access control lists can also perform packet filtering, however a purely packet filtering firewall cannot recognize dynamic connections such as that used by FTP.


Packet inspection involves opening IP packets, looking beyond the basic network protocol information such as source and destination IP address and other packet header information. Using TCP/IP as an example, a packet inspecting firewall can tell the difference between a web request (TCP port 80), a Telnet request (TCP port 23) and a DNS lookup (UDP port 53). It can tell the difference between the web request, and the web server's response and will only permit the proper response . "Deep" inspection firewalls can see the Web URL that is being retrieved and in some cases, can see the Java Applets, JavaScript and cookies contained within the web page. Such 'deep inspection' firewalls can remove the offending Java Applets and block the cookies based on the URL of the web server delivering the page or other criterion.

Share This:

If you found this tutorial useful, please DONATE! Donations support the creation and maintenance of this, and other tutorials throughout this site.