A method of filtering data packets in a network device is disclosed. An incoming packet is received from a port and the incoming packet is inspected and packet fields are extracted. The incoming packet is classified based on the extracted packet fields and action instructions are generated. The incoming packet is then modified based on the action instructions. Further, the inspection and extraction includes applying inspection mask windows to any portion of the incoming packet to extract programmable packet fields.