By evaluating the responses that are returned from select packet injections, it is possible to determine if remote ports are filtered by a firewall device. In order to develop a thorough understanding of how this process works, we can perform this task at the packet level using Scapy.
To use Scapy to perform firewall identification, you will need a remote system that is running network services. Additionally, you will need to implement some type of filtering mechanism. This can be done with an independent firewall device or with host-based filtering such as Windows firewall. By manipulating the filtering settings on the firewall device, you should be able to modify the responses for injected packets.