Firewalking uses a traceroute-like IP packet analysis to determine whether or not a particular packet can pass from the attacker’s host to a destination host through a packet-filtering device. This technique can be used to map ‘open’ or ‘pass through’ ports on a gateway. More over, it can determine whether packets with various control information canpass through a given gateway. Also, using this technique, an attacker can map routers behind a packet-filtering device.

In order to use a gateway's response to gather information, we must know two pieces of information:
· The IP address of the last known gateway before the firewalling takes place
· The IP address of a host located behind the firewall.
The first IP address serves as our metric (waypoint from the above example), if we can't get a response past that machine, then we assume that whatever protocol we tried to pass is being blocked3. The second IP address is used as a destination to direct the packet flow

Using this technique, we can perform several different information gathering attacks. One attack is a firewall protocol scan, which will determine what ports/protocols a firewall will let traffic through on from the attacking host. This would attempt to pass packets on all ports and protocols and monitor the responses. A second potential threat is advanced network mapping. By sending packets to every host behind a packet filter, an attacker can generate an accurate map of a network’s topology.