Deep Packet Inspection

Deep packet inspection (DPI) is a form of computer network packet filtering that examines the data part of a through-passing packet, searching for non-protocol compliance or predefined criteria to decide if the packet can pass. This is in contrast to shallow packet inspection (usually called just packet inspection) which just checks the header portion of a packet.

DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model. This includes headers and data protocol structures. The DPI will identify and classify the traffic based on a signature database and will allow the user to perform many things.

A classified packet can be redirected, marked/tagged, blocked, rate limited, and of course, reported to a reporting agent in the network.

Many DPI devices also perform the ability to identify flows rather than a packet by packet analysis.

DPI allows phone and cable companies to "readily know the packets of information you are receiving online--from e-mail, to websites, to sharing of music, video and software downloads" - as would a network analysis tool.

DPI is also increasingly being used in security devices to analyze flows, compare them against policy, and then treat the traffic appropriately (i.e., block, allow, rate limit, tag for priority, mirror to another device for more analysis or reporting).