Deep Packet Inspection: Unearthing Gold in Network Packets

Deep packet inspection (DPI) is a technology used to capture network packets as they pass through routers and other network devices, and perform packet filtering to examine the data and find deeper information about the data carried by the packets.

Unlike stateful packet inspection (SPI, also called shallow packet inspection), which looks only at a packet's header and footer, DPI examines the header, footer, source and destination of incoming packets, and the data part of the packet, searching for prohibited content and other pre-defined criteria so that you can decide whether or not to let the traffic pass through your network. DPI makes it possible to find, identify, classify, reroute or block packets and, based on the content carried in the data packets, helps you determine whether the traffic is secure, compliant, permitted and genuinely required by the end-user or endpoint application.


SOME MAJOR APPLICATIONS OF DPI

  • Deeper network traffic forensics to aid flow-based analysis
  • Application-aware network performance monitoring
  • Network-based application recognition
  • Network traffic regulation and control
  • Network security (to identify viruses, spam and intrusions)

DIFFERENCE BETWEEN FLOW ANALYSIS & DPI

Flow-based network traffic analysis allows you to intercept the network traffic flow as it passes through flow-enabled network devices (routers and switches). Flow analysis provides comprehensive data to validate quality of service, type of service and class of service of the network packet, its source and destination IP address, etc.

DPI performs deeper packet filtering and forensics and examines every byte of every packet that passes through the DPI probe. DPI can inspect traffic at layers 2 through 7, which lets you see in detail what content (not just the type of content, but the content itself) is passing through your network.

DPI BROKERS THE MARRIAGE OF NPM & APM

While network performance monitoring (NPM) and application performance monitoring (APM) have both been important for monitoring the health of the IT infrastructure, they have always operated in two separate silos – the network side and the systems side. The challenge has always been to gain insight into how applications are being affected while you study network performance.

With DPI, you will be able to analyze the packets in detail and determine whether they contain any insecure or unrelated content that could affect the performance of the end-user application receiving the packet. Alongside application availability and performance (via APM), you can also monitor the root cause of potential application issues arising from the information contained in network packets. This is called APPLICATION-AWARE NETWORK PERFORMANCE MONITORING (AA-NPM).

DPI enables AA-NPM by allowing you to get deeper metrics such as network response time (NRT) and application response time (ART).

  • NRT tells you how long it took for the network devices to respond when they received a packet transmission request.
  • ART tells you how long it took for the application receiving the packets to respond.

Together these two metrics cover the network side and the application side of an issue and clearly show where the issue lies.
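As an added example (not code from the original post), here is a toy DPI probe in Python run over a constructed five-packet trace: it reconstructs the flow from the packet headers, derives NRT from the TCP handshake and ART from request/response payload timing, and matches the payload content against pre-defined criteria (an HTTP request, an HTTP response, and a clear-text credential). The packet tuple format, the choice of SYN-to-SYN/ACK for NRT and last-request-byte-to-first-response-byte for ART, and the criteria themselves are assumptions made for this illustration.

```python
import re

# Constructed trace, not real capture data: (seconds, src, dst, tcp_flags, payload)
TRACE = [
    (0.000, "10.0.0.5:51000", "10.0.0.9:80", "SYN", b""),
    (0.012, "10.0.0.9:80", "10.0.0.5:51000", "SYN-ACK", b""),
    (0.013, "10.0.0.5:51000", "10.0.0.9:80", "ACK", b""),
    (0.020, "10.0.0.5:51000", "10.0.0.9:80", "PSH-ACK",
     b"POST /login HTTP/1.1\r\nHost: app\r\n\r\nuser=bob&password=hunter2"),
    (0.250, "10.0.0.9:80", "10.0.0.5:51000", "PSH-ACK",
     b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
]

# Pre-defined content criteria (assumed for this example): a DPI probe matches these
# against the layer-7 payload, which header-only inspection never sees.
CRITERIA = {
    "http-request": re.compile(rb"^(GET|POST|PUT|DELETE) \S+ HTTP/1\.[01]"),
    "cleartext-credential": re.compile(rb"password=[^&\s]+"),
    "http-response": re.compile(rb"^HTTP/1\.[01] \d{3}"),
}


def inspect(trace):
    """Return per-flow NRT (ms), ART (ms) and content findings for a packet trace."""
    flows = {}
    for ts, src, dst, flags, payload in trace:
        key = tuple(sorted((src, dst)))  # one record covers both directions of a flow
        f = flows.setdefault(key, {"client": None, "syn_at": None, "req_end": None,
                                   "nrt_ms": None, "art_ms": None, "findings": []})
        if flags == "SYN":  # the side that opens the connection is the client
            f["client"], f["syn_at"] = src, ts
        elif flags == "SYN-ACK" and f["nrt_ms"] is None and f["syn_at"] is not None:
            f["nrt_ms"] = round((ts - f["syn_at"]) * 1000, 3)  # NRT: network stack answered
        if payload:
            f["findings"].extend(name for name, rx in CRITERIA.items() if rx.search(payload))
            if src == f["client"]:
                f["req_end"] = ts  # last request byte seen from the client
            elif f["req_end"] is not None and f["art_ms"] is None:
                f["art_ms"] = round((ts - f["req_end"]) * 1000, 3)  # ART: application answered
    return flows


if __name__ == "__main__":
    for key, f in inspect(TRACE).items():
        print(key, "NRT", f["nrt_ms"], "ms", "ART", f["art_ms"], "ms", f["findings"])
```

A high NRT with a normal ART points at the network path; a normal NRT with a high ART points at the application, which is the split the two metrics above are meant to give you.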

DPI is an important aspect of network monitoring and we’ll soon start seeing DPI probes being offered along with network monitoring and application monitoring tools for deeper packet forensics and network security.
