Deep Packet Inspection can be used for good and evil. It can make you more secure or spy on you and deny you access to certain content. Find out what DPI is, how it works, and what it’s used for.
To understand how DPI works and why it’s used, we first need to understand how data packets are transferred and filtered. Any information you send or receive online, whether it's an email or a connection to a website, is divided into packets. These packets consist of headers, which tell devices where the packets come from and where they are going, and payloads, which carry the data itself.
Your router, for example, protects your devices by performing basic packet filtering, also known as static/stateless packet filtering. It checks the headers of incoming packets against a set of rules (also called an Access Control List), such as specific source/destination IP addresses and port numbers, and dismisses the ones that don’t match.
It does a good job, but packet filtering is usually not enough. First of all, hackers have found ways to overcome it. Second, the more rules your router has, the slower it becomes, and some routers simply don’t have enough processing power to protect you from all of the threats lurking out there. That’s why deep packet inspection was created.
Deep packet inspection (DPI) is a type of network packet filtering, also known as information extraction or complete packet inspection. Where static/stateless packet filtering only checks the headers, DPI checks both the header and what’s inside the packet, its payload. Whoever operates it can then weed out anything that doesn’t match the ruleset, such as non-compliance with a protocol, spam, viruses, or intrusions. The rules are usually set by you, your Internet Service Provider (ISP), or the relevant network or systems administrator.
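The difference between header-only filtering and DPI, as an added example that is not part of the original article. The rules, addresses, test signature and sample packets are all constructed for illustration; a real DPI engine also handles TCP reassembly, many protocols and far larger rulesets.

```python
import socket
import struct

# Constructed rules for illustration (assumptions, not from the article).
ACL_ALLOWED_DST_PORTS = {80}                    # header-only rule (ACL)
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ")    # protocol-compliance rule
SIGNATURES = [b"X-CONSTRUCTED-TEST-SIGNATURE"]  # payload content rule

def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (checksums left at 0) as sample input."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse(packet):
    """Split a raw IPv4/TCP packet into header fields and payload."""
    ihl = (packet[0] & 0x0F) * 4                # IP header length in bytes
    if len(packet) < ihl + 20 or packet[9] != 6:
        raise ValueError("not a complete IPv4/TCP packet")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_off = (packet[ihl + 12] >> 4) * 4      # TCP header length in bytes
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "sport": sport, "dport": dport, "payload": packet[ihl + data_off:]}

def stateless_filter(pkt):
    """Header-only decision: all a basic packet filter can see."""
    return "allow" if pkt["dport"] in ACL_ALLOWED_DST_PORTS else "drop"

def dpi_filter(pkt):
    """Header check first, then protocol and signature checks on the payload."""
    if stateless_filter(pkt) == "drop":
        return "drop: port not in ACL"
    payload = pkt["payload"]
    if payload and not payload.startswith(HTTP_METHODS):
        return "drop: payload is not HTTP"
    if any(sig in payload for sig in SIGNATURES):
        return "drop: signature match"
    return "allow"

# Constructed sample traffic (documentation addresses), all sent to port 80.
SAMPLES = {
    "web": build_packet("192.0.2.10", "198.51.100.5", 40000, 80,
                        b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "non_http": build_packet("192.0.2.10", "198.51.100.5", 40001, 80,
                             b"SSH-2.0-constructed\r\n"),
    "flagged": build_packet("192.0.2.10", "198.51.100.5", 40002, 80,
                            b"POST /u HTTP/1.1\r\n\r\nX-CONSTRUCTED-TEST-SIGNATURE"),
}
```

All three sample packets pass the stateless filter because their headers look the same; only the payload checks tell them apart.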
There are different techniques and tools DPI may use to find and dismiss packets that don’t match its filtering rules.
1. Network security. DPI can be used as an intrusion detection system (IDS) or a combination of intrusion prevention (IPS) and intrusion detection. It can identify specific attacks such as denial of service and buffer overflow attacks, and other malicious traffic caused by viruses, worms, or ransomware, which other security tools might not be able to pick up on.
DPI works much like an antivirus, but it detects threats at the network layer before they even get to the end-user. For example, in large companies, DPI can help prevent viruses and worms from spreading throughout the corporate network. It can also help detect prohibited uses of your company’s applications.
2. Data Loss Prevention. DPI can prevent data egress at companies. For example, when emailing confidential information, DPI would prompt an employee to get the necessary permission and clearance to send it.
3. Internet traffic shaping or network management. You can use DPI to filter traffic and ease the network flow. For example, you can set it up so that you get high-priority messages first, or so that your P2P downloads are slowed down or prioritized.
Unfortunately, ISPs often do this as well to throttle user traffic. Copyright holders can also ask ISPs to use DPI to block their content from being downloaded illegally.
4. Eavesdropping and online censorship. The Chinese government uses DPI to monitor and control the country’s network traffic. It helps them block unwanted content such as pornography, social media platforms, and religious or political opposition websites.
5. Targeted advertising. DPI raises some privacy concerns because it can dig deep enough to see the sender, the receiver, and the content of the data packet. This information can be collected by ISPs that monitor your traffic and can then be sold to companies specializing in targeted advertising.
DPI isn’t a flawless security tool. It presents many challenges, and you may want to think twice before trusting it.