Skip to main content

What is Stateful Packet Inspection ?

More
20 years 9 months ago #2961 by zaq
hi ! I just want to know what is it for and how it is being implemented ?

thanx !
More
20 years 9 months ago #2967 by Cheetah
Hi

Stateful packet inspection is a feature in firewalls which inspects the state of the packets traversing through the firewall. Some of the states are NEW, RELATED, ESTABLISHED etc.

Stateful packet inspection is used in iptables.

Let me have a look on my "favorites" collection for giving you a nice link where you can find more details.

Regards
Cheetah

Kind Regards,
<b>Cheetah</b>
<i>The outcome of devotion is, quality!</i>
More
20 years 9 months ago #2973 by sahirh
Stateful inspection is what every half decent firewall these days uses.. basically in the old days, firewalls were dumb... they merely matched a packet with the ruleset and then either dropped or accepted it.. stateful inspect means the firewall maintains an internal state table which tracks the status of the connection.. it 'understands' that a packet is part of a previously established connection, and thus lets it pass... so lets say you tried to send an ACK packet past the firewall, it would be smart enough to know that this packet is not a part of a previously established connection so it will not let it go...

In short.. it tracks what connections are open and allows their packets to pass.. this can also save on processing time as if a packet matches a particular connection, it doesnt need to be checked against the other rules since that connection has already been allowed.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
20 years 9 months ago #2978 by dreamer
Hi,

I'm sorry I know I'am new around here. But isn't there a difference between stateful packet inspection en stateful packet filtering? I believe that stateful packet inspection builds on stateful packet filtering (what has been defined above) and also has the ability to check payload within a packet. This allows to check that the content matches the expected service it is communicating with.
More
20 years 9 months ago #2986 by UHSsncmrm
My understanding is that inspection is looking for signatures of traffic flows, filtering takes it a step further and allows you to build rules to stop or permit certain flows.

A scapegoat is often as welcome as a solution...never memorize what you can look up.
More
20 years 7 months ago #3611 by nessagirl
Stateful Packet Inspection is a packet filtering technique that intercepts packets until there are enough from a given location to determine the state of the incoming connection. Once enough packets have been gathered and are cleared, they are forwarded to the internal address, which allows communication directly between the internal and external addresses. Stateful packet inspection firewalls are generally faster than application-based firewalls.

~~~~~~ oOo ~~~~~~
"£ôve has nôthing tô dô with what yôu are expecting tô get,
it's what yôu are expected tô give -- which is everything."
"£ôve is patient and kind;
It is nôt jealôus ôr prôud;
£ôve is nôt selfish ôr irritable;
£ôve
Time to create page: 0.133 seconds