Deep Packet Inspection Definition & Meaning

Deep packet inspection is a networking technology for analyzing data packets in more detail than traditional packet filtering. Deep packet inspection (DPI) looks at more than just the packet header, which is the minimum inspection that traditional packet filtering performs. This reveals more information about what the packet’s carrying and allows networks to catch potential threats and better manage traffic.

How deep packet inspection works

Firewalls use DPI to examine not only the packet headers but also the data within a packet. Traditional packet filtering only looks at the header, which provides basic source and destination information (the IP address from which the packet came and to which it’s going). DPI searches for data within the packet that will give more information about its source and intent, such as its port (the type of network connection or application). Then, if the traffic is harmful, the firewall or system that’s using DPI can drop the packet.

DPI can be used in intrusion detection and prevention systems to track previously recognized threat patterns in packets. IDPS uses insights from a database of information about packets, comparing new network transmissions to past ones. DPI can also be used for outbound traffic, not just inbound.

Because it requires additional analysis, DPI can significantly slow a hardware-based firewall’s performance, especially if the packets come through an HTTPS connection and need to be decrypted and re-encrypted.

DPI for political and national censorship and influence

DPI in China is used to manage IP requests for websites that the government does not want its citizens to see. This includes websites with political views that contradict the Chinese Communist party or just free search engines (Google included). In its Great Firewall, the Chinese government drops packets or reroutes them to different IP addresses than the intended IP destination.

This is one of the most large-scale examples of the ways DPI can be used to influence Internet traffic. Internet service providers in the United States use DPI, too. ISPs monitor their customers’ traffic closely. They can redirect traffic to websites of their choice or throttle IP addresses to which they don’t want their customers to go. This doesn’t always happen with every service provider, but it’s a possibility. ISPs may also sell data about their customers’ Internet traffic to third parties, including government agencies.

 

Related Links

Jenna Phipps
Jenna Phipps
Jenna Phipps is a contributor for websites such as Webopedia.com and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.

Top Articles

The Complete List of 1500+ Common Text Abbreviations & Acronyms

Text Abbreviations reviewed by Web Webster   From A3 to ZZZ we list 1,559 SMS, online chat, and text abbreviations to help you translate and understand...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

Windows Operating System History & Versions

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

First to Fifth Generations of Computers

Reviewed by Web Webster   Learn about each of the 5 generations of computers and major technology developments that have led to the computing devices that...

Heuristic Definition and Meaning

Heuristic, pronounced hyoo-ri-stihk, is a Greek term for individually finding or discovering. In...

Hackerspace Definition & Meaning

What is a hackerspace? A hackerspace, also known as a hacklab, incubator, or hackspace,...

Random Access Memory (RAM)...

Random Access Memory (RAM) reviewed by Web Webster   Random Access Memory (RAM) is a...