Login or Register to Ask a Question and Join Our Community

learn unix and linux commands

Using Deep Packet Inspection

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
# 1  
Old 05-29-2008
Using Deep Packet Inspection
Large companies are now starting to evaluate deep packet inspection technologies for several different purposes and a lot of questions are being made for network/security professionals about this technology. Let's talk about some of these questions:
First:
What is Deep Packet Inspection?
Deep packet inspection (DPI) is a form of packet analysis that examines the entire payload of a packet (sometimes at wirespeed) searching for non-protocol compliance, viruses, spam, intrusions, applications (P2P programs using well known ports like port 80 per example) to decide if the packet can pass or if it needs to be routed/rated/blocked, or for the purpose of collecting statistical information.
Second:
What's being done related with Security?
DPI enables advanced security functions like full packet string search that enable administrators to identify/block Layer 7 attacks like virus, worms, spam, etc with less false positives. Also Law Enforcement Agencies are start using DPI for Lawful Interception in core IP networks.
Third:
What's being done related with Network?
DPI is being used for companies/carriers for Internet data mining, application traffic control and network visibility. It enables companies/carriers to control non desired applications (P2P, Video Streaming, etc) wich consumes bandwidth with control and don't generate revenue (for carriers), allows administrators to identify users that are using non permited applications (for companies). With network visibility administrator can identify more easily network pain points (bottlenecks) and plan better the nework growth.
Fourth:
What else?
There's several other applications that DPI can help.
  • Quality os Service
  • Advertising
  • SLA
  • Traffic Monitoring
Why there's so controverse related to DPI?
DPI is a controversial technology (some says that DPI can change the Net neutrality) and there's rumors that is being used for Internet censorship. In my point of view like everything else DPI can be used for the good or the bad...It's always up to us to decide.
It really works?
I evaluated some DPI technologies and for sure there's a lot of beneficts that administrators can get with it. There are limitations but in the overall It really works.
My recomendation? See for yourself!
Regards


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

4 More Discussions You Might Find Interesting

1. Programming

Deep copy of structure in C

Hi , I have a scenario where i need to copy the iter to another local variable , where iter is of type MCC_T_SYS_ADDRINFO *iter . struct addrinfo { int ai_flags; int ai_family; int ai_socktype; int ai_protocol; ... (5 Replies)
Discussion started by: breezevinay
5 Replies

2. AIX

Packet loss coming with big packet size ping

(5 Replies)
Discussion started by: Vishal_dba
5 Replies

3. Programming

C++ Execution Inspection - Ideas Wanted

"C++ Execution Inspection" is the best term I could coin for what it is I'd like to do. Suggestions from anyone who has done programming in C++ on Linux are welcome. I was taught C++ in classrooms that used MS Visual Studio a few years ago. Visual Studio had a debugging mode that made it really... (1 Reply)
Discussion started by: ejr2122
1 Replies

4. Shell Programming and Scripting

recursion too deep

I am running a korn shell script which has a recursive function. The script ran for 117 iterations and ended up with the following error "recursion too deep". what should be done to avert this? Thanks in advance Swamy p.s. I am on UNIX MPRAS V4 (3 Replies)
Discussion started by: swamy455
3 Replies
Login or Register to Ask a Question