Skip to main content

Data Packet Inspection


Deep packet inspection (DPI) is an advanced method of examining and managing network traffic. It is a form of packet filtering that locates, identifies, classifies, reroutes or blocks packets with specific data or code payloads that conventional packet filtering, which examines only packet headers, cannot detect.

Usually performed as a firewall feature, deep packet inspection functions at the application layer of the Open Systems Interconnection (OSI) reference model.

How deep packet inspection works

Deep packet inspection examines the contents of packets passing through a given checkpoint and makes real-time decisions based on rules assigned by an enterprise, internet service provider (ISP) or network manager, depending on what a packet contains.

Previous forms of packet filtering only looked at header information, which, to use an analogy, is the equivalent of reading addresses printed on the outside of an envelope. This was due partly to the limitations of technology. Until recently, firewalls did not have the processing power necessary to perform deeper inspections on large volumes of traffic in real time. Technological advancements have enabled DPI to perform more advanced inspections that are more like opening an envelope and reading its contents.

Deep packet inspection can examine the content of messages and identify the specific application or service it comes from. In addition, filters can be programmed to look for and reroute network traffic from a specific Internet Protocol (IP) address range or a certain online service like Facebook.

Common uses of deep packet inspection

DPI can be used for benevolent purposes as a network security tool: for the detection and interception of viruses and other forms of malicious traffic. However, it's possible to use DPI for more nefarious activities as well, such as eavesdropping.

Deep packet inspection can also be used in network management to streamline the flow of network traffic. For example, a message tagged as high priority can be routed to its destination ahead of less important or low-priority messages or packets involved in casual internet browsing. DPI can also be used for throttled data transfer to prevent peer-to-peer abuse, therefore, improving network performance.

Because deep packet inspection makes it possible to identify the originator or recipient of content containing specific packets, it has sparked concern among privacy advocates and opponents of net neutrality.

Limitations of deep packet inspection

Deep packet inspection has at least three significant limitations.

First, it can create new vulnerabilities in addition to protecting against existing ones. While effective against buffer overflow attacks, denial-of-service (DoS) attacks and certain types of malware, DPI can also be exploited to facilitate attacks in those same categories.

Second, deep packet inspection adds to the complexity and unwieldy nature of existing firewalls and other security-related software. Deep packet inspection requires its own periodic updates and revisions to remain optimally effective.

Third, DPI can reduce network speed because it increases the burden on firewall processors.
Despite these limitations, many network administrators have embraced deep packet inspection technology in an attempt to cope with a perceived increase in the complexity and widespread nature of internet-related perils. 


Comments

Popular posts from this blog

Ghosting

Ghosting is to cease communications without notification. The use of the word "ghost" as a verb originated in social media in reference to dating, but the term is now used by employers to describe employees and potential employees who suddenly disappear. Typically, ghosting is used to describe: Job candidates who suddenly stop responding to messages. New hires who fail to show up for their first day of work. Employees who do not show up for a shift. Employees who leave work in the middle of the day and never come back. Some analysts blame ghosting on millennial entitlement. The reasoning is that members of the millennial generation have been brought up to feel they are special -- so special, in fact, that they do not need to follow conventional rules of behavior. Other analysts, however, maintain that ghosting behavior stems from changes in the job market and the phenomenon is simply a reflection of the laws of supply and demand in a healthy jo...

Data deduplication

Data deduplication -- often called intelligent compression or single-instance storage -- is a process that eliminates redundant copies of data and reduces storage overhead. Data deduplication techniques ensure that only one unique instance of data is retained on storage media, such as disk, flash or tape. Redundant data blocks are replaced with a pointer to the unique data copy. In that way, data deduplication closely aligns with incremental backup, which copies only the data that has changed since the previous backup. For example, a typical email system might contain 100 instances of the same 1 megabyte (MB) file attachment. If the email platform is backed up or archived, all 100 instances are saved, requiring 100 MB of storage space. With data deduplication, only one instance of the attachment is stored; each subsequent instance is referenced back to the one saved copy. In this example, a 100 MB storage demand drops to 1 MB. Target vs. source deduplication Data deduplica...

A Graphics Processing Unit (GPU)

A graphics processing unit (GPU) is a computer chip that performs rapid mathematical calculations, primarily for the purpose of rendering images. A GPU may be found integrated with a central processing unit (CPU) on the same circuit, on a graphics card or in the motherboard of a personal computer or server. In the early days of computing, the CPU performed these calculations. As more graphics-intensive applications such as AutoCAD were developed; however, their demands put strain on the CPU and degraded performance. GPUs came about as a way to offload those tasks from CPUs, freeing up their processing power. NVIDIA, AMD, Intel and ARM are some of the major players in the GPU market. GPU vs. CPU A graphics processing unit is able to render images more quickly than a central processing unit because of its parallel processing architecture, which allows it to perform multiple calculations at the same time. A single CPU does not have this capability, although multi...