Gigalight

Font Size:big  middle  small

A Guide to Deep Packet Inspection

Number of visits: Date:2018-5-3 18:46

Abstract:

Deep Packet Inspection (DPI) is used for in-depth analysis of the packets sent over the internet. All the communication that happens over the internet makes use of 'packets' to transfer data. It includes our VOIP calls (like Skype), websites we visit, and the emails we send.


We can compare a data packet with our traditional mailing system where a letter contains information like name and address of the sender and receiver along with the content for the intended receiver. The postal service will be able to make use of the address mentioned on the cover to deliver the letter and does not check the content inside it. The packets sent over the Internet are routed similarly; each packet contains the source and destination IP address which is used to successfully deliver packets to the intended recipients. Different hops present in the path will not look at the body/content of a packet. It makes use of the destination address to route it. Packet Inspection is not a new concept; DPI is an addition to this existing technique, which takes the packet inspection game to another level.


What Is Deep Packet Inspection?


DPI allows us to inspect the packets beyond header and footer. It can dig deeper and get some granular information like the application to which the packet belongs and the packet content.


The introduction of the DPI brings analysis of the packet content into the picture, which can be used for several purposes. It can help in identifying malicious packets, intrusions, and while performing traffic management as well.


DPI strips down the header and footer from the packet and inspects the payload to perform signature matching, looking for specific string and other details.


DPI


Application of DPI on a large scale requires high-end computing resources for the analysis of collected data. The analysis can also introduce latency in the transmission of the packets. DPI can be applied through a physical device or software application.


There are several methods that are used by DPI to perform the inspection. Some of the popular methods used include port-based, statistical, and automation-based approaches. Port-based is the standard protocol identification approach which inspects the port fields in the TCP/UDP headers for the commonly assigned port numbers to the respective protocol. In statistical analysis, the focus is on the classification of the traffic rather than payload and gathering generic information like packet length, port numbers to classify the traffic. The automation based approach is the widely preferred pattern/regular expression matching technique which uses a finite state machine for the pattern matching. It includes the following state: initial state, acceptance state for matching the patterns and intermediate states for partial matching cases. Matching begins with the initial state when a payload string enters the automation engine, and if the process reaches the final state, it means that the match is found.


Importance of Deep Packet Inspection


Optimization of network traffic by ISP:


It can be used by the ISPs to prioritize the traffic on their network and provide better service to the consumer. They will be able to identify the VoIP traffic and can prioritize it to reduce the latency in the communication. It also helps in network bandwidth management by reducing the priority of the P2P connections like torrent clients. It allows the ISPs to provide additional performance options to their enterprise clients for traffic prioritization.


Keeping IOT devices in check:


As we know that currently, IOT is a booming technology, more and more devices are getting connected to the internet every day, which increases concern regarding the repeated exploitation of them for DDOS attacks. Use of DPI will help the ISPs to block these kinds of malicious requests from the IOT devices.


DPI


Enterprise security enhancement:


Use of DPI by enterprises helps in securing the company's network with more capable alternative than the traditional Stateful Packet Inspection firewall. It does the job of both an IDS and IPS system and allows the company's security auditors to enforce rules for preventing confidential information from being sent outside the organization's network. DPI helps monitor internal traffic as well as block malicious requests from entering the internal network. It enables user notification, in case a user is trying to send a restricted document outside the company's network via email. A user can be notified about obtaining the required permission before sending the data outside the company.


How Does Deep Packet Inspection Affect Consumers?


ISPs are making use of DPI to analyze consumer behavior on the Internet and selling their personal browsing data to marketing and advertising companies. This practice raises concern regarding consumer privacy.


DPI


It can also be used to provide security agencies unauthorized surveillance of a user's activity, and governments can restrict users from accessing certain contents which are against their agenda.


Optical Modules Applied in Deep Packet Inspection Applications


For 100G high-speed DPI applications, Gigalight designs, manufactures and supplies a series of receive-only optical modules. These optical receiver modules include 100G CFP2 LR4 Rx, 100G QSFP28 LR4 Rx, and 100G QSFP28 4WDM-40 Rx.

TypeInfo: Knowledge Center

Keywords for the information: