What Is DPI
WHAT IS DPI?
DPI is the acronym used for Deep Packet Inspection. This is also known as DPI, information extraction, IX, or complete packet inspection. DPI is a type of network packet filtering. Deep packet inspection examines the data portion and the header of a packet that is transmitted through the inspection point when enabled in a router, weeding out any disobedience to rules of conduct, spam, viruses, invasions, and any other defined judging requirements to block the packet from passing through the inspection point.
Deep packet inspection is also used to decide if a particular packet is redirected to another destination. In short, DPI can locate, detect, separate and label, block, or reroute packets that have clearly shown a particular code or data payloads that are not detected, located, separated and labeled, blocked, or redirected by ordinary packet filtering. Unlike plain packet filtering, deep packet inspection goes beyond examining packet headers.
HOW DEEP PACKET INSPECTION WORKS
DPI is a form of packet filtering usually carried out as a function of your firewall. It is applied at the Open Systems Interconnection application layer.
Deep packet inspection examines the contents of a packet that is going through a checkpoint. Using rules that are assigned by the user, your Internet service provider, or the network or systems manager, DPI detects and routes these packets in real time.
DPI can check the contents of these packets and then figure out where it came from, such as the service or computer program that sent it. Also, it can work with filters in order to find and redirect network traffic from an online service, such as Twitter or Facebook, or from a particular IP address.
DEEP PACKET INSPECTION VS CONVENTIONAL PACKET FILTERING
Ordinary packet filtering only reads the header information of each packet. This was a basic approach that was simpler than the modern approach to packet filtering, mostly due to the technology limits at the time. Firewalls had very little processing power, and it was not enough to handle large amounts of packets. In other words, ordinary packet filtering was just like reading the title of a book, without any knowledge or inspection of the content inside the cover.
With the advent of new technologies, DPI not only became possible, it became more widely implemented. As DPI became more thorough and complete, it evolved into something more like picking up a book, cracking it open, and reading it from cover to cover.
Common uses of deep packet inspection
DPI can be used for the purpose of a network security tool, mostly for the detection and interception of viruses and other forms of undesired traffic. But it can also be used for more purposed activities, like secretly monitoring users and employees.
Deep packet inspection can also be used in network management to streamline the flow of network traffic. For example, a message tagged as high priority can be routed to its destination ahead of less important or low priority messages or packets involved in casual internet browsing. DPI can also be used with throttling LAN data transfers to prevent large peer-to-peer network sharing. Therefore, increasing network performance.
Because DPI) makes it possible to identify the originator or receiver of content containing predefined data packets, it has sparked concern among privacy advocates of net neutrality.
Limits of deep packet inspection
Deep packet inspection has at least three significant limits.
First, it can create new security weaknesses, in addition to protecting against existing ones. While effective against buffer overflow attacks, denial-of-service (DoS) attacks and certain types of harmful programs or apps, DPI can also be taken advantage of to help attacks in those same areas.
Second, DPI adds to the configuration complexities of existing firewalls and other security related software. Deep packet inspection needs its own occasional updates and definition table parameters to remain most effective.
Third, DPI can and does reduce network speed because it increases the heavy load on firewall processors. We have seen as much as a 70% reduction in WAN connection speeds while using a VPN with DPI enabled.
Although acknowledging these limits, many network managers have supported deep packet analysis technology in an attempt to successfully deal with a perceived increase in the complex difficulty of protecting LAN traffic from internet related threats.
USE CASES FOR DEEP PACKET INSPECTION
There are several uses for deep packet inspection. It can act as both an intrusion detection system or as a combination of intrusion prevention and intrusion detection. It can identify particular attacks that your firewall, intrusion prevention, and intrusion detection systems cannot well enough detect.
If your organization contains users who are using laptops for work, then deep packet inspection is very important in preventing worms, spyware, and viruses from getting into your business network. What’s more, using deep packet inspection is based on rules and policies defined by the network administrator, allowing the network to detect if there are prohibited uses of approved resources.
DPI is also used by network managers to help ease the flow of network traffic. For instance, if you have a high priority message, you can use deep packet inspection to enable important information to pass through immediately, ahead of other lower priority messages. You can also put in order of importance packets that are extremely important, ahead of ordinary http packets. If you have problems with peer-to-peer downloads, you can use deep packet inspection to control the speed of a device data transfer rate. DPI can also be used to improve the abilities of ISPs to prevent the abuse and mistreatment of IoT devices in DDOS attacks by blocking too many requests from devices.
Mobile service operators and similar service providers also use deep packet inspection to customize offerings to individual subscribers. Thus, allowing them to offer data usage as unlimited, data capped, or value added. Record labels and other copyright holders can also request ISPs to block their content from being downloaded illegally, a process made possible with deep packet inspection.
Other times, DPI is used to serve targeted advertising to users, lawful interception, and policy enforcement. Deep packet inspection also prevents some types of buffer overflow attacks.
Lastly, deep packet inspection can help you prevent anybody from leaking information, such as when e-mailing a private file. Instead of being able to successfully send out a file, the user will instead receive information on how to get the necessary permission and clearance to send it.
As with other technologies, deep packet inspection can also be used for other than ethical purposes, such as secretly spying on and deleting things from books, movies, etc. In fact, the Chinese government has been known to use DPI to monitor and control citizen network traffic and restrict content and sites that are harmful to their interests. This is how some countries, as well as businesses, have been able to restrict access to pornography, religious information, materials concerning political disagreements, and certain other popular websites such as Wikipedia, Google, and Facebook.
While DPI has many possible use cases, it can easily detect the receiver and sender of the content that it monitors, so there are some valid privacy concerns. This is mostly a concern when DPI is used in modern marketing and advertising, through spying on and collecting the behavioral data of users, then selling that data to marketing and advertising companies.
SuperTech is a multi-faceted technology provider that is experienced with the configuration of routers and firewalls. We welcome you to visit our site and fill in the contact form for network installation, upgrade suggestions, and configuration assistance.
SuperTech is FCC certified and can provide Consultation Services, as well as affordable premise cabling solutions for your Commercial Business applications.