A Deep Packet Inspection (DPI) system inspections the packets that make up one communication flowing through the network completely. It analyzes the headers and their payload. This function is performed by any equipment that is not the origin or destination of a communication, in which all the additional information to the network and transport layer headers is reviewed. This way, DPI is understood as the function of deep analysis of the content of a packet (this includes the headers and the payload).
The application of the DPI function is an essential tool for several other functions of the network like the spam and viruses filters, IDS/IPS, Firewall, systems with cache, monitoring and troubleshooting of the network, and bandwidth administration and internet traffic.
As regards its function of bandwidth administration, DPI can classify the traffic flows according to the application that is establishing communication. This classification is a network’s function, independently of the mark established by the users’ systems. Only the header inspection is not to be trusted, since many applications use dynamic ports and reuse ports which were used in the past by other applications.
The DPI classifications based on protocols and applications are obtained making use of different techniques, which are:
- Analysis of patters: characters strings with bits and bytes patters are looked for.
- Behavior Analysis: behavior patterns of the communications are looked for (like the size of the packets, data rates, amount of streams of the application, etc.).
- Statistical Analysis: It calculates the static indicators that can identify types of transmissions, like medium, variation of flow parameters, entropy, etc.
As examples of bandwith control applications based on DPI, the following can be found:
- Prioritize "real-time" interactive applications such as VoIP, remote access, etc.
- Limit applications with great bandwidth consumption (like big files’ transference in P2P schemes, and web devices) during periods of congestion.
- Block non desired applications, such as 2P2 transferences in companies.
The DPIs are an important component to completely secure the Service Providers networks.