2 Replies Latest reply on Sep 22, 2016 8:41 AM by darragh.delaney

    What is the difference between advanced traffic monitoring with DPI (Deep Packet Inspection) and without DPI?

    pedro cristóvão

      I am thinking about what one can monitor and the other cannot, and what the advantage is of advanced traffic monitoring without DPI (Deep Packet Inspection)?

      I want to know because I use NetFlow and need this for a PowerPoint, so if someone can help I would really appreciate it, thank you.

        • Re: What is the difference between advanced traffic monitoring with DPI (Deep Packet Inspection) and without DPI?
          Parker Robinson

          I will answer this question by comparing NTA using NetFlow and QoE (Quality of Experience) using DPI.

           

          With NetFlow you can see who (endpoints) and what (applications) are having conversations on your network, and also the amount of bandwidth those conversations are using. However, you are not able to see the quality of those conversations, only who and what is on your network.

           

          With QoE using DPI, you get the quality of applications traversing your network, and you also get the data volume for each application, which is similar to the amount of bandwidth those applications are using. Speaking of the quality aspect, you get Application response time and also Network response time for every application (that is supported by QoE) you are monitoring on the NICs that your packet analysis sensors are monitoring.

          The Application response time is calculated with the time to first byte.

          The Network response time is calculated by the delta times of the TCP handshake.

          When you see DPI, think Wireshark, because that's how granular that technology is. Technically, one could calculate the Application and Network response times by analyzing a Wireshark packet capture and looking at the delta times of or between key packets. For example, the time to first byte would be the time between the GET request from the client machine to the web server and the first packet the web server sends after receiving the GET request. In other words, the time it takes the web server to process data before sending a response.

           

          Hope this helps!!

           

          Regards,

          Parker Robinson

          1 of 1 people found this helpful
          • Re: What is the difference between advanced traffic monitoring with DPI (Deep Packet Inspection) and without DPI?
            darragh.delaney

            DPI is way more broad when it comes to traffic monitoring than just latency. Packet inspection is a process where network packets are analyzed and, depending on what application you are using, certain information (AKA metadata) is captured. For most people DPI is automating a lot of the manual packet analysis which can be achieved using tools like Wireshark.

             

            When it comes to metadata, there is a lot which can be captured from network traffic:

            1. Latency information which is described in an earlier response to this post
            2. Ethernet header. Capturing MAC addresses can be useful later on for tracking down rogue network devices
            3. IPv4 or IPv6 addressing
            4. TCP/UDP port information.
            5. Application specific information like file names, website names or application type
            6. Packet construction information like packet sizes.

             

            DPI can be very granular. The trick is to pick an application that stores only the information you need to troubleshoot or keep your network secure. In summary, DPI lets you drill down further than you can with NetFlow. It exposes a wealth of information which is contained within network packets.

            1 of 1 people found this helpful
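
Added example, not part of the original thread or any poster's code: the contrast the replies draw between flow records and DPI metadata, sketched in Python over one constructed Ethernet/IPv4/TCP/HTTP frame. The function names, the addresses and host name, and the simplified NetFlow-style field set are assumptions made for illustration.

```python
import socket
import struct

def build_sample_frame():
    """Constructed sample: Ethernet + IPv4 + TCP + HTTP GET, checksums left zero."""
    payload = b"GET /report.pdf HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
    eth = bytes.fromhex("02000000000a020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.80"))
    tcp = struct.pack("!HHLLBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def _tcp_offset(frame):
    """Return the TCP header offset; this sketch handles IPv4/TCP only."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not an IPv4/TCP frame")
    off = 14 + (frame[14] & 0x0F) * 4          # Ethernet header + IPv4 header length
    if len(frame) < off + 20:
        raise ValueError("truncated TCP header")
    return off

def flow_view(frame):
    """Simplified NetFlow-style record: who talked to whom, on which ports, how much."""
    off = _tcp_offset(frame)
    sport, dport = struct.unpack("!HH", frame[off:off + 4])
    return {"src_ip": socket.inet_ntoa(frame[26:30]), "dst_ip": socket.inet_ntoa(frame[30:34]),
            "src_port": sport, "dst_port": dport, "protocol": frame[23],
            "bytes": struct.unpack("!H", frame[16:18])[0]}

def dpi_view(frame):
    """Flow fields plus link-layer and application metadata read from the packet itself."""
    meta = flow_view(frame)
    meta["dst_mac"] = frame[0:6].hex(":")       # Ethernet header: destination, then source
    meta["src_mac"] = frame[6:12].hex(":")
    meta["frame_size"] = len(frame)
    off = _tcp_offset(frame)
    payload = frame[off + (frame[off + 12] >> 4) * 4:]   # skip TCP header (data offset)
    lines = payload.split(b"\r\n")
    request = lines[0].split(b" ")
    if len(request) == 3 and request[2].startswith(b"HTTP/"):
        meta["http_method"] = request[0].decode("ascii", "replace")
        meta["http_path"] = request[1].decode("ascii", "replace")
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                meta["http_host"] = value.strip().decode("ascii", "replace")
    return meta

if __name__ == "__main__":
    print(dpi_view(build_sample_frame()))
```

The flow view stops at addresses, ports and byte count, while the DPI view adds the MAC addresses, file name and website name listed in the reply above.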