Skip to main content

Data Packet Inspection


Deep packet inspection (DPI) is an advanced method of examining and managing network traffic. It is a form of packet filtering that locates, identifies, classifies, reroutes or blocks packets with specific data or code payloads that conventional packet filtering, which examines only packet headers, cannot detect.

Usually performed as a firewall feature, deep packet inspection functions at the application layer of the Open Systems Interconnection (OSI) reference model.

How deep packet inspection works

Deep packet inspection examines the contents of packets passing through a given checkpoint and makes real-time decisions based on rules assigned by an enterprise, internet service provider (ISP) or network manager, depending on what a packet contains.

Previous forms of packet filtering only looked at header information, which, to use an analogy, is the equivalent of reading addresses printed on the outside of an envelope. This was due partly to the limitations of technology. Until recently, firewalls did not have the processing power necessary to perform deeper inspections on large volumes of traffic in real time. Technological advancements have enabled DPI to perform more advanced inspections that are more like opening an envelope and reading its contents.

Deep packet inspection can examine the content of messages and identify the specific application or service it comes from. In addition, filters can be programmed to look for and reroute network traffic from a specific Internet Protocol (IP) address range or a certain online service like Facebook.

Common uses of deep packet inspection

DPI can be used for benevolent purposes as a network security tool: for the detection and interception of viruses and other forms of malicious traffic. However, it's possible to use DPI for more nefarious activities as well, such as eavesdropping.

Deep packet inspection can also be used in network management to streamline the flow of network traffic. For example, a message tagged as high priority can be routed to its destination ahead of less important or low-priority messages or packets involved in casual internet browsing. DPI can also be used for throttled data transfer to prevent peer-to-peer abuse, therefore, improving network performance.

Because deep packet inspection makes it possible to identify the originator or recipient of content containing specific packets, it has sparked concern among privacy advocates and opponents of net neutrality.

Limitations of deep packet inspection

Deep packet inspection has at least three significant limitations.

First, it can create new vulnerabilities in addition to protecting against existing ones. While effective against buffer overflow attacks, denial-of-service (DoS) attacks and certain types of malware, DPI can also be exploited to facilitate attacks in those same categories.

Second, deep packet inspection adds to the complexity and unwieldy nature of existing firewalls and other security-related software. Deep packet inspection requires its own periodic updates and revisions to remain optimally effective.

Third, DPI can reduce network speed because it increases the burden on firewall processors.
Despite these limitations, many network administrators have embraced deep packet inspection technology in an attempt to cope with a perceived increase in the complexity and widespread nature of internet-related perils. 


Comments

Post a Comment

Popular posts from this blog

Black swan

A  black swan event  is an incident that occurs randomly and unexpectedly and has wide-spread ramifications. The event is usually followed with reflection and a flawed rationalization that it was inevitable. The phrase illustrates the frailty of inductive reasoning and the danger of making sweeping generalizations from limited observations. The term came from the idea that if a man saw a thousand swans and they were all white, he might logically conclude that all swans are white. The flaw in his logic is that even when the premises are true, the conclusion can still be false. In other words, just because the man has never seen a black swan, it does not mean they do not exist. As Dutch explorers discovered in 1697, black swans are simply outliers -- rare birds, unknown to Europeans until Willem de Vlamingh and his crew visited Australia. Statistician Nassim Nicholas Taleb uses the phrase black swan as a metaphor for how humans deal with unpredictable events in his 2007...
Post a Comment
Read more

A Graphics Processing Unit (GPU)

A graphics processing unit (GPU) is a computer chip that performs rapid mathematical calculations, primarily for the purpose of rendering images. A GPU may be found integrated with a central processing unit (CPU) on the same circuit, on a graphics card or in the motherboard of a personal computer or server. In the early days of computing, the CPU performed these calculations. As more graphics-intensive applications such as AutoCAD were developed; however, their demands put strain on the CPU and degraded performance. GPUs came about as a way to offload those tasks from CPUs, freeing up their processing power. NVIDIA, AMD, Intel and ARM are some of the major players in the GPU market. GPU vs. CPU A graphics processing unit is able to render images more quickly than a central processing unit because of its parallel processing architecture, which allows it to perform multiple calculations at the same time. A single CPU does not have this capability, although multi...
Post a Comment
Read more

6G (sixth-generation wireless)

6G (sixth-generation wireless) is the successor to 5G cellular technology. 6G networks will be able to use higher frequencies than 5G networks and provide substantially higher capacity and much lower latency. One of the goals of the 6G Internet will be to support one micro-second latency communications, representing 1,000 times faster -- or 1/1000th the latency -- than one millisecond throughput. The 6G technology market is expected to facilitate large improvements in the areas of imaging, presence technology and location awareness. Working in conjunction with AI, the computational infrastructure of 6G will be able to autonomously determine the best location for computing to occur; this includes decisions about data storage, processing and sharing.  Advantages of 6G over 5G 6G is expected to support 1 terabyte per second (Tbps) speeds. This level of capacity and latency will be unprecedented and wi...
Post a Comment
Read more