Deep Packet Inspection

This article describes how deep packet inspection (DPI) is different from other types of packet processing. Most packet processing is done via the IP header, but deep packet processing inspects the packet contents. How does DPI help to secure a network? What are the different approaches to DPI? Make sure you can explain the three techniques used in DPI and name some of the tools used for packet analysis.

Milestones

1998

Wireshark, an earlier part of the Ethereal project, is released as a free, open-source packet-sniffing tool. Initially it supports only shallow packet inspection, at the IP header level.

2002

NetScreen (acquired by Juniper Networks) traffic inspection solutions are designed to be installed into firewall systems. Because the operation is expensive, it is triggered only on an as-needed basis.

2005

MIMESweeper, ClamAV, and NetCache are some of the early open-source internet proxy caching servers introduced to send content for scanning to an ICAP server running anti-virus software.

2006

The Great Firewall of China is deployed successfully. This internet censorship project commenced in 1998 to regulate online traffic in China.

2012

DPI becomes a powerful network security tool, with deployment on SDN and cloud servers.

2012

DPI analysis tools feed network traffic data into Big Data Analytics, allowing ISPs to derive critical insights on user behavior.