Deep Packet Inspection

Deep packet inspection is a networking technology for analyzing data packets in more detail than traditional packet filtering. Deep packet inspection (DPI) looks at more than just the packet header, which is the minimum inspection that traditional packet filtering performs. This reveals more information about what the packet’s carrying and allows networks to catch potential threats and better manage traffic.

How deep packet inspection works

Firewalls use DPI to examine not only the packet headers but also the data within a packet. Traditional packet filtering only looks at the header, which provides basic source and destination information (the IP address from which the packet came and to which it’s going). DPI searches for data within the packet that will give more information about its source and intent, such as its port (the type of network connection or application). Then, if the traffic is harmful, the firewall or system that’s using DPI can drop the packet.

DPI can be used in intrusion detection and prevention systems to track previously recognized threat patterns in packets. IDPS uses insights from a database of information about packets, comparing new network transmissions to past ones. DPI can also be used for outbound traffic, not just inbound.

Because it requires additional analysis, DPI can significantly slow a hardware-based firewall’s performance, especially if the packets come through an HTTPS connection and need to be decrypted and re-encrypted.

DPI for political and national censorship and influence

DPI in China is used to manage IP requests for websites that the government does not want its citizens to see. This includes websites with political views that contradict the Chinese Communist party or just free search engines (Google included). In its Great Firewall, the Chinese government drops packets or reroutes them to different IP addresses than the intended IP destination.

This is one of the most large-scale examples of the ways DPI can be used to influence Internet traffic. Internet service providers in the United States use DPI, too. ISPs monitor their customers’ traffic closely. They can redirect traffic to websites of their choice or throttle IP addresses to which they don’t want their customers to go. This doesn’t always happen with every service provider, but it’s a possibility. ISPs may also sell data about their customers’ Internet traffic to third parties, including government agencies.


Jenna Phipps
Jenna Phipps
Jenna Phipps is a writer for, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.

Related Articles

@ Sign

Pronounced at sign or simply as at, this symbol is used in e-mail addressing to separate the user' name from the user's domain name,...


(MUHN-jing) Munging (address munging), is the act of altering an email address posted on a Web page to make it unreadable to bots and...

How to Create an RSS Feed

In the second installment of RSS how-to, we look at some of the nonrequired (optional) channel and item tags, discuss RSS specifications in-depth and...

Dictionary Attack

(n.) (1) A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with...


ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...


Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...