Routers don't normally care. There are special cases such as throttling but these are not the general case with routers. Routers care about how to route packets (frames, actually). The necessary information for that is determined on a frame-by-frame basis. A frame is received, the header is parsed, a source and destination address realized and then the frame is repackaged for transport to the next destination. There are other operations that may happen - for instance if the router is not aware of how to send the frame along it has to ask first. This all varies a little bit in the case of wireless routers, of course.
From the point of view of a router there are two things to be gleaned from a particular frame: the IP addresses (source and destination) and the last hop MAC address (the next is calculated, and not part of the frame content). Other than that a flow doesn't make much sense.
thanks very much for all this informations
i know most what you say, and i am asking about some methods that ask the router to check a specific feild in the packet (the request packet only) of the flow.
so that i ask this question how the router know the request packet, i think from for example the SYN flag (is there anothere thing?)
ok, but how can he know the packets that belong to a specific flow to forward it without check or block it without check: depending on the request packet
thank you in advance for any help
What you are describing is not possible using the IP protocol alone. The IP protocol is stateless; there is no SYN or SYN/ACK or connection handshake. These are artifacts of the transport layer protocol (TCP, specifically).
TCP deals with streams. Each stream is connected through a 3-way handshake that considers, among other things, the options to be used and the starting state of the protocol. This is where you may find a SYN flag set in a header.
As far as grouping packets to their respective flows this is usually done through the 5-tuple. UDP makes this less reliable as there is no clear delineation between connections but the basic concept is that each connection (when you include a transport layer protocol) contains the following 5 items, that when combined, uniquely distinguish flows: Source IP address, Destination IP address, Source port, Destination port, and Protocol.
Using the 5-tuple you can bin packets into [roughly] unique connections.
thank you very much for your reply
sorry but how can ipsec work? i know it is a special case, and the router can use it to read the option feild for example, sorry if i annoying be sure that i have little good background and you can help me with deep information if you want to discuss it
best regards and thanks for all previous and in advance for any help
Since IPSec encrypts the payload (and optionally the header) a monitoring device (say a network tap or tcpdump process) has no way of reading the secure portion of the payload. However, since a router that supports IPSec already speaks the protocol getting at the packet contents only requires a decryption process.
To operate within a traditional network there still needs to be a way to route the packets and therefor IP addresses are still exposed. This is not entirely reliable for true end-to-end semantics as in tunnel mode these are not necessarily related to the sender/receiver pair.
The best you will get with IPSec - without the router fully decrypting the entire packet - is to bin frames to a source/destination pair optionally including the last hop MAC address.