The need to use a practice and application oriented approach in information security education is paramount. A security education curriculum that does not give the students the opportunity to experiment in practice with security techniques cannot prepare them to be able to protect efficiently the confidentiality, integrity, and availability of computer systems and assets. In this paper, first we discuss security issues with stateless basic packet filtering, and the concepts of stateful TCP, UDP and ICMP packet filtering. Then, we describe a comprehensive hands-on lab exercise implementation about how to identify whether a given firewall performs stateless or stateful packet filtering.