What is a Packet Filter?

A packet filter is, at its most basic, a firewall that protects networked computers from pollution from outside sources, namely the Internet. The term is actually the name of the application, a type of Internet protocol (IP) filter so named in the Berkeley Software Distribution (BSD) naming conventions. It acts as a network policeman, examining any and all traffic directed at the network before that traffic ever gets anywhere close to the network. Computer users can think of it in terms of the guard tower outside the moat that surrounds the castle. The packet filter serves the role of both moat and guard tower, since most procedures involve more than one layer of security.

It is a model of reverse engineering as well, serving as a gatekeeper that keeps “dangerous” traffic from leaving the network. An apt analogy here would be the Great Wall of China, which was built both to keep invading barbarians out and to keep dissident Chinese in. The “dangerous” traffic that a packet filter keeps from escaping might very well be company secrets, such as customer identity information and the like.

A packet filter can be customized, of course. A network administrator can set the filter level high, such that nothing gets through unless he or she authorizes it. It can be programmed so that it searches for certain keywords or IP addresses in incoming transmissions. The network admin can even program the filter to exclude all but a certain level of information, the parameters of which he or she sets ahead of time.

In most cases, the packet filter will keep a log of all of its activity. This log can be customized, too, to include such data columns as number of data streams tracked, number of data streams intercepted, why those streams were intercepted, the IP addresses of any and all incoming transmissions, and how many times the transmissions were attempted. In this way, the network administrator can follow up on attempted security breaches.

A large network of computers usually requires this application for protection. The last thing that the president of a bank, for example, wants is for some hacker to gain control of the personal information of the bank's customers. The packet filter in this case will undoubtedly have a high level of security.

A company might also want to aim the filter at internal traffic as well, to make sure that no objectionable traffic or data streams get passed between internally controlled computers. The application is not perfect, even though its makers would like it to be, and for whatever reason, objectionable files can sneak through. This sort of penetration onto one computer can soon lead to infection of other computers on the network simply because they are sharing an IP address or other kind of network connection.