Home / Definitions / Deep Packet Inspection

Deep Packet Inspection

Jenna Phipps
Last Updated April 25, 2024 9:28 pm

Deep packet inspection is a networking technology for analyzing data packets in more detail than traditional packet filtering. Deep packet inspection (DPI) looks at more than just the packet header, which is the minimum inspection that traditional packet filtering performs. This reveals more information about what the packet’s carrying and allows networks to catch potential threats and better manage traffic.

How deep packet inspection works

Firewalls use DPI to examine not only the packet headers but also the data within a packet. Traditional packet filtering only looks at the header, which provides basic source and destination information (the IP address from which the packet came and to which it’s going). DPI searches for data within the packet that will give more information about its source and intent, such as its port (the type of network connection or application). Then, if the traffic is harmful, the firewall or system that’s using DPI can drop the packet.

DPI can be used in intrusion detection and prevention systems to track previously recognized threat patterns in packets. IDPS uses insights from a database of information about packets, comparing new network transmissions to past ones. DPI can also be used for outbound traffic, not just inbound.

Because it requires additional analysis, DPI can significantly slow a hardware-based firewall’s performance, especially if the packets come through an HTTPS connection and need to be decrypted and re-encrypted.

DPI for political and national censorship and influence

DPI in China is used to manage IP requests for websites that the government does not want its citizens to see. This includes websites with political views that contradict the Chinese Communist party or just free search engines (Google included). In its Great Firewall, the Chinese government drops packets or reroutes them to different IP addresses than the intended IP destination.

This is one of the most large-scale examples of the ways DPI can be used to influence Internet traffic. Internet service providers in the United States use DPI, too. ISPs monitor their customers’ traffic closely. They can redirect traffic to websites of their choice or throttle IP addresses to which they don’t want their customers to go. This doesn’t always happen with every service provider, but it’s a possibility. ISPs may also sell data about their customers’ Internet traffic to third parties, including government agencies.