Deep Packet Inspection

Deep packet inspection is a networking technology for analyzing data packets in more detail than traditional packet filtering. Deep packet inspection (DPI) looks at more than just the packet header, which is the minimum inspection that traditional packet filtering performs. This reveals more information about what the packet’s carrying and allows networks to catch potential threats and better manage traffic.

How deep packet inspection works

Firewalls use DPI to examine not only the packet headers but also the data within a packet. Traditional packet filtering only looks at the header, which provides basic source and destination information (the IP address from which the packet came and to which it’s going). DPI searches for data within the packet that will give more information about its source and intent, such as its port (the type of network connection or application). Then, if the traffic is harmful, the firewall or system that’s using DPI can drop the packet.

DPI can be used in intrusion detection and prevention systems to track previously recognized threat patterns in packets. IDPS uses insights from a database of information about packets, comparing new network transmissions to past ones. DPI can also be used for outbound traffic, not just inbound.

Because it requires additional analysis, DPI can significantly slow a hardware-based firewall’s performance, especially if the packets come through an HTTPS connection and need to be decrypted and re-encrypted.

DPI for political and national censorship and influence

DPI in China is used to manage IP requests for websites that the government does not want its citizens to see. This includes websites with political views that contradict the Chinese Communist party or just free search engines (Google included). In its Great Firewall, the Chinese government drops packets or reroutes them to different IP addresses than the intended IP destination.

This is one of the most large-scale examples of the ways DPI can be used to influence Internet traffic. Internet service providers in the United States use DPI, too. ISPs monitor their customers’ traffic closely. They can redirect traffic to websites of their choice or throttle IP addresses to which they don’t want their customers to go. This doesn’t always happen with every service provider, but it’s a possibility. ISPs may also sell data about their customers’ Internet traffic to third parties, including government agencies.

 

Jenna Phipps
Jenna Phipps
Jenna Phipps is a writer for Webopedia.com, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.

Top Articles

List of Windows Operating System Versions & History [In Order]

The Windows operating system (Windows OS) refers to a family of operating systems developed by Microsoft Corporation. We look at the history of Windows...

How to Create a Website Shortcut on Your Desktop

Website Shortcut on Your Desktop reviewed by Web Webster   This Webopedia guide will show you how to create a website shortcut on your desktop using...

What are the Five Generations of Computers? (1st to 5th)

Reviewed by Web Webster Each generation of computer has brought significant advances in speed and power to computing tasks. Learn about each of the...

Hotmail [Outlook] Email Accounts

Launched in 1996, Hotmail was one of the first public webmail services that could be accessed from any web browser. At its peak in...

MDM vs. MAM

The bring your own device (BYOD) phenomenon has changed how businesses interact with...

CRM Manager

A customer relationship management (CRM) manager is a person that oversees all customer...

AdamLocker Ransomware

AdamLocker ransomware, or RW.adm_64, is a screen-locking virus designed to prevent access to...