Discover

'Deep packet inspection' ('DPI') is a form of computer network packet filtering that examines the data and/or header part of a through-passing packet, searching for non-protocol compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can pass or if it needs to be routed to a different destination. It also called Content Inspection or Content Processing. This is in contrast to shallow packet inspection (usually called just packet inspection) which just checks the header portion of a packet.
DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model. This includes headers and data protocol structures as well as the actual payload of the message. The DPI will identify and classify the traffic based on a signature database that includes information extracted from the data part of a packet, allows finer control than classification based only on header information.
A classified packet can be redirected, marked/tagged (see QoS), blocked, rate limited, and of course, reported to a reporting agent in the network.
Many DPI devices also identify flows, allowing control actions based on accumulated flow information rather than packet-by-packet analysis.
DPI allows phone and cable companies to "readily know the packets of information you are receiving online--from e-mail, to websites, to sharing of music, video and software downloads"^[1] - as would a network analysis tool.
DPI is also increasingly being used in security devices to analyze flows, compare them against policy, and then treat the traffic appropriately (i.e., block, allow, rate limit, tag for priority, mirror to another device for more analysis or reporting).
Advanced Deep Packet Inspection systems now also incorporate Cross Packet Inspection (XPI) - so that signatures of interest that start within one packet but cross to another packet can also be detected. This requires that each flow's context is stored somewhere so that when the correct next packet arrives the scanning process can continue just where it left off - to the scanning engine the two packets look contiguous.

Contents

Companies currently marketing DPI technologies

Companies offering DPI in silicon

See also

Sources

External links

Companies currently marketing DPI technologies

★ Alcatel-Lucent

★ Arbor Networks

★ Cisco - AON and STG groups

★ CloudShield Technologies

★ Ellacoya

★ Huawei

★ IBM - via its DataPower acquisition

★ Juniper Networks

★ Mazu Networks

★ Narus

★ Procera Networks

★ Reconnex

★ Secure Computing

★ Sonicwall

Companies offering DPI in silicon

★ Cavium

★ CloudShield Technologies

★ IDT

★ NetLogic Microsystems

★ Safenet

★ Sensory Networks

★ Tarari

See also

★ Firewall

★ Next Generation Firewall

★ Detection Systems

Sources

1. The End of the Internet?

External links

★ Deep packet inspection meets 'Net neutrality, CALEA (arstechnica.com)