Cyber Security

DPI (Deep Packet Inspection)

Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and usually takes action by blocking, re-routing, or logging it accordingly. While deep packet inspection can be used for innocuous reasons such as making sure that data is in the correct format or checking for malicious code, it can also be used for more nefarious motives such as eavesdropping and censorship.

An IP packet carries multiple headers. Network equipment only needs the first of these (the IP header) for normal operation, yet use of the second header (such as TCP or UDP) is still normally considered shallow packet inspection (usually called stateful packet inspection) rather than deep packet inspection.
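The three depths described above can be seen on a single packet. The following is an added example, not part of the original article: it builds a constructed IPv4/TCP packet and reports what the IP header, the TCP header, and the payload each reveal. The function names, addresses, ports and payload signatures are assumptions chosen for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def build_packet(src_port, dst_port, payload):
    """Build a constructed IPv4/TCP sample packet (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0,
                      5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return ip + tcp + payload

def classify_payload(payload):
    """Deep inspection: identify the application protocol from content."""
    if not payload:
        return "empty"
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS handshake record: content type 0x16, protocol major version 0x03
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    return "unknown"

def inspect(packet):
    """Return what each inspection depth can read from one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("malformed or truncated IPv4 packet")
    packet = packet[:total_len]  # drop any link-layer padding
    # First header: all that forwarding needs.
    seen = {"ip": {"src": ".".join(map(str, packet[12:16])),
                   "dst": ".".join(map(str, packet[16:20])),
                   "proto": packet[9]}}
    if packet[9] != 6:  # this example only goes deeper for TCP
        return seen
    if len(packet) < ihl + 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_off = (packet[ihl + 12] >> 4) * 4
    if data_off < 20 or len(packet) < ihl + data_off:
        raise ValueError("malformed TCP data offset")
    # Second header: shallow (stateful) inspection stops here.
    seen["shallow"] = {"src_port": src_port, "dst_port": dst_port,
                       "flags": packet[ihl + 13]}
    # Beyond the headers: deep packet inspection reads the payload itself.
    seen["deep"] = classify_payload(packet[ihl + data_off:])
    return seen
```

An HTTP request sent to port 8080 is still reported as `http` by the payload check, while the header-only views show just addresses, ports and flags.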

There are multiple ways to acquire packets for deep packet inspection. Port mirroring (sometimes called a SPAN port) is a very common way, as is an optical splitter.

Deep Packet Inspection (and filtering) enables advanced network management, user service, and security functions as well as internet data mining, eavesdropping, and internet censorship. Although DPI has been used for Internet management for many years, some advocates of net neutrality fear that the technique may be used anticompetitively or to reduce the openness of the Internet.

DPI is used in a wide range of applications: at the so-called “enterprise” level (corporations and larger institutions), by telecommunications service providers, and by governments.
