Deep Packet Inspection (DPI) is a method of analyzing data on a computer network by inspecting packets for information about the type, source, and destination of the data. DPI can detect malicious software, prioritize traffic, and be used for surveillance and censorship purposes. ISPs and governments use DPI to reconstruct emails, listen to VoIP calls, and track users for targeted advertising. DPI can also be used for traffic shaping and detecting worms, viruses, and trojans.
Deep Packet Inspection (DPI) is a method of inspecting and analyzing data on a computer network. DPI searches packets for information about the type, source, and destination of the data. This type of network monitoring can be used to detect malicious software before it reaches a target computer, as well as prioritize certain types of traffic. Governments, large corporations, Internet Service Providers (ISPs), and security companies all use deep packet inspection for a variety of purposes.
Computer networks break up data into small chunks called packets, which are small chunks of data used on the Internet and other computer networks. A package is much like a piece of mail in an envelope; contains headers specifying a destination and return address, with useful data within the packet itself. Because packets travel across a network, they can be routed through many different devices, much like a piece of mail traveling through several post offices. Normally, these devices only look at packet headers. In devices that use deep packet inspection, however, the entire packet is inspected.
The packets can be analyzed in real time or can be captured and analyzed at a later time, a practice known as Deep Packet Capture or DPC. Both techniques can reveal a large amount of data about network traffic. Applications can leave telltale signatures or patterns in the packets they generate, allowing for accurate tracking of program use in a real-time network. Deep packet inspection is often used in large corporate networks to detect worms, viruses and trojans that cannot be seen by other security software such as firewalls. DPI can also be used to limit or prioritize certain types of network traffic, a practice known as traffic shaping.
ISPs around the world use DPI technology in a variety of ways. Some use it to generate statistical information about the traffic flowing through their network, while others use network devices (specially designed hardware that sits on an ISP’s network) to perform comprehensive user traffic monitoring. The most advanced of these network devices have the ability to act on this data in real time. For example, some broadband providers use DPI to block or slow down file sharing services. Proponents of net neutrality fear this could lead to a layered Internet, a system in which the programs and services a customer is able to use online depend on how much the customer pays.
By intercepting large numbers of packets, ISPs and governments can reconstruct emails, listen to Voice over Internet Protocol (VoIP) calls, or even track users on different websites to display targeted advertising. Several ISPs in both the US and the UK have used this more advanced version of deep packet inspection to inject targeted advertising into the websites customers visit. Governments sometimes use IPRs for Internet surveillance and censorship purposes. For example, China’s Golden Shield project, also known as “The Great Firewall of China,” is believed to use DPI. The US National Security Agency has used commercial network devices with deep packet inspection to monitor emails and VoIP calls.
Protect your devices with Threat Protection by NordVPN
