Home / Cisco Security / Introduction to Deep Packet Inspection (DPI)

Introduction to Deep Packet Inspection (DPI)


What is Deep Packet Inspection ?
DPI or so called as Deep packet inspection is a type of data administering that examines in detail on the data being sent over a workstation system or so called your network and typically takes action by obstructing, re-routing, or classification accordingly.

Deep packet inspection (DPI) is an innovative method of inspecting and dealing network traffic. It is a form of packet purifying that locates, classifies, categorizes, reroutes or blocks packets with exact data or code payloads that conventional packet filtering, which inspects only packet headers, cannot detect.

DPI can recognize and categorize traffic based on a signature catalogue that includes data extracted from the data part of a packet, permitting finer control than classification based only on header communication. End points can use encryption and complication techniques to evade DPI actions in many cases.
Fig 1.1- DPI- Deep Packet Inspection
DPI-enabled policies have the capability to look at Layer 2 and Layer 3 of the OSI model. In some cases, DPI can be summoned to look through Layer 2-7 of the OSI model. This comprises headers and data protocol structures as well as the payload of the message. DPI functionality is summoned when a device looks or takes other act, based on data beyond Layer 3 of the OSI model.

Traditional packet filtering only states the header information of each packet. This was a plain methodology that was less classy than the modern method to packet filtering largely due to the technology limitations at the time. Firewalls had very little processing power, and it was not adequate to handle large capacities of packets. In other words, traditional packet filtering was similar to reading the title of a book, without consciousness or assessment of the content inside the shell.

With the advent of new technologies, deep packet inspection became achievable. As it became more in-depth and wide-ranging, it became more analogous to picking up a manuscript, outrageously open it, and analysis it from shell to shell.


DPI can be used by public and private companies to view the contents of packets of evidence being sent over the Internet, and act in several ways on this information. Though, it was initially intended to be a mean of control the network to defense Internet users from malicious programmers, being sent over the Internet, by capturing them before they stretched the end-users. Now the technology is deliberated for other uses or requests such as network management, government surveillance, targeting advertising and dealing with copyright infringements.

While DPI has many possible use cases, it can easily discover the receiver or dispatcher of the content that it observers, so there are some concerns around confidentiality. This is principally a concern when DPI is used in the framework of marketing and publicizing, through observing the performance of users and export perusing and other data to advertising or advertising corporations.


DPI has the following limitations:
  • It is proficient of producing new vulnerabilities in addition to guarding against the present types. Although it is effective against denial of service attacks (DoS attacks), buffer overflow attacks, and some kinds of malware, DPI could also be used to activate those same types of attacks.
  • It surges the complication and clumsy character of firewalls as well as other security-based software.
  • It requires periodic updates and adjustments to stay optimally efficient.
  • When DPI is executed, the processor remains busy and eventually cannot free its possessions for other user requests. This badly affects the quickness of the computer.