Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: What is Stateful Packet Inspection ?

What is Stateful Packet Inspection ? 12 years 8 months ago #2961

  • zaq
  • zaq's Avatar
  • Offline
  • New Member
  • Posts: 1
  • Karma: 0
hi ! I just want to know what is it for and how it is being implemented ?

thanx !
The administrator has disabled public write access.

Re: What is Stateful Packet Inspection ? 12 years 8 months ago #2967

  • Cheetah
  • Cheetah's Avatar
  • Offline
  • Frequent Member
  • Posts: 72
  • Karma: 0
Hi

Stateful packet inspection is a feature in firewalls which inspects the state of the packets traversing through the firewall. Some of the states are NEW, RELATED, ESTABLISHED etc.

Stateful packet inspection is used in iptables.

Let me have a look on my "favorites" collection for giving you a nice link where you can find more details.

Regards
Cheetah
Kind Regards,
<b>Cheetah</b>
<i>The outcome of devotion is, quality!</i>
The administrator has disabled public write access.

Re: What is Stateful Packet Inspection ? 12 years 8 months ago #2973

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Stateful inspection is what every half decent firewall these days uses.. basically in the old days, firewalls were dumb... they merely matched a packet with the ruleset and then either dropped or accepted it.. stateful inspect means the firewall maintains an internal state table which tracks the status of the connection.. it 'understands' that a packet is part of a previously established connection, and thus lets it pass... so lets say you tried to send an ACK packet past the firewall, it would be smart enough to know that this packet is not a part of a previously established connection so it will not let it go...

In short.. it tracks what connections are open and allows their packets to pass.. this can also save on processing time as if a packet matches a particular connection, it doesnt need to be checked against the other rules since that connection has already been allowed.
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: What is Stateful Packet Inspection ? 12 years 8 months ago #2978

  • dreamer
  • dreamer's Avatar
  • Offline
  • New Member
  • Posts: 15
  • Karma: 0
Hi,

I'm sorry I know I'am new around here. But isn't there a difference between stateful packet inspection en stateful packet filtering? I believe that stateful packet inspection builds on stateful packet filtering (what has been defined above) and also has the ability to check payload within a packet. This allows to check that the content matches the expected service it is communicating with.
The administrator has disabled public write access.

Re: What is Stateful Packet Inspection ? 12 years 8 months ago #2986

  • UHSsncmrm
  • UHSsncmrm's Avatar
  • Offline
  • Frequent Member
  • Posts: 63
  • Karma: 0
My understanding is that inspection is looking for signatures of traffic flows, filtering takes it a step further and allows you to build rules to stop or permit certain flows.
A scapegoat is often as welcome as a solution...never memorize what you can look up.
The administrator has disabled public write access.

Re: What is Stateful Packet Inspection ? 12 years 7 months ago #3611

  • nessagirl
  • nessagirl's Avatar
  • Offline
  • New Member
  • Posts: 5
  • Karma: 0
Stateful Packet Inspection is a packet filtering technique that intercepts packets until there are enough from a given location to determine the state of the incoming connection. Once enough packets have been gathered and are cleared, they are forwarded to the internal address, which allows communication directly between the internal and external addresses. Stateful packet inspection firewalls are generally faster than application-based firewalls.
~~~~~~ oOo ~~~~~~
"£ôve has nôthing tô dô with what yôu are expecting tô get,
it's what yôu are expected tô give -- which is everything."
"£ôve is patient and kind;
It is nôt jealôus ôr prôud;
£ôve is nôt selfish ôr irritable;
£ôve
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.086 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup