Overview

Traditional packet filtering looks only at the headers (IP addresses, ports). Deep packet inspection (DPI) goes deeper, analyzing the actual payload (the 'data' part) of the packet to identify the application, the user, and any potential threats.

Capabilities

  • Application Identification: Distinguish between different types of traffic (e.g., Facebook vs. YouTube) even if they use the same port (HTTPS/443).
  • Malware Detection: Identify known attack patterns or malicious code within the payload.
  • Data Loss Prevention (DLP): Detect and block the unauthorized transmission of sensitive data (e.g., credit card numbers).
  • Traffic Shaping: Prioritize or throttle specific applications based on business policy.
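
The DLP capability above, as an added example that is not part of the original page: Python that skips the IPv4 and TCP headers, scans the payload for card-number candidates, and keeps only those passing the Luhn checksum. It assumes single unencrypted IPv4/TCP packets with no stream reassembly; `build_packet`, the addresses and the sample payload are constructed for illustration.

```python
import re
import struct

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(rb"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum: filters out random digit runs (order ids, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                     # ASCII digit -> int
        if i % 2 == 1:                  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def tcp_payload(packet: bytes) -> bytes:
    """Skip the IPv4 and TCP headers (both variable length) to reach the payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return b""                      # truncated, or not IPv4 carrying TCP
    ihl = (packet[0] & 0x0F) * 4        # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 20:
        return b""
    data_off = (packet[ihl + 12] >> 4) * 4   # TCP header length in bytes
    if data_off < 20:
        return b""
    total_len = struct.unpack("!H", packet[2:4])[0]
    return packet[ihl + data_off:total_len]

def find_card_numbers(packet: bytes) -> list:
    """Return Luhn-valid card-number candidates found in the TCP payload."""
    hits = []
    for m in PAN_RE.finditer(tcp_payload(packet)):
        digits = re.sub(rb"[ -]", b"", m.group())
        if luhn_ok(digits):
            hits.append(digits.decode())
    return hits

def build_packet(payload: bytes, dport: int = 80) -> bytes:
    """Constructed sample: minimal IPv4+TCP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([203, 0, 113, 9]))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload
```

A header-only filter sees the same addresses and ports whether or not the payload carries a card number; only the payload scan tells the two packets apart. Sent over HTTPS, the same bytes would be ciphertext and produce no hits unless the traffic is decrypted first.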

Challenges

  • Performance: Analyzing the payload of every packet requires significant processing power.
  • Encryption: DPI cannot see inside encrypted traffic (HTTPS) without performing SSL/TLS decryption (man-in-the-middle).

Related Terms