deep packet inspection (DPI)

On the Internet, data packets are transmitted from a sending station to a receiving station. The sender packages the information in data packets that are opened by the receiving station. Uninvolved parties can see the source addresses and destination addresses, but have no access to the information content.

Deep packet inspection( DPI), a dynamic packet filtering method used in next generation firewalls( NGFW), allows access to the information content of the data packets. This access is used to combat spam, but also for control and censorship purposes. Deep packet inspection can also be used to control congestion and reduce data traffic, and to protect access providers' and network operators' own business models.

In contrast to deep packet inspection, with stateful packet inspection( SPI) the firewall or router only evaluates the header and obtains the traffic information that is relevant to it. With deep packet inspection, on the other hand, the router also accesses the payload containing the information content and evaluates it. The router recognizes the file and sees whether it is a text, graphic, audio or video file. This payload data is analyzed and interpreted by auxiliary devices at such a high data rate that no delay or data congestion occurs.

The goals associated with deep packet inspection depend on business and political intentions. They can be virus and spam detection, reduction of unwanted traffic, regulation of network congestion, but also censorship and violation of telecommunications secrecy. DPI detects DoS attacks and various malware, but also enables attacks based on them. In addition, the use of DPI techniques makes security measures more complex, which makes the whole security concept more inert. This is also due to the fact that DPI technologies place a greater load on firewalls.