Deep Packet Inspection

Why Trust Techopedia

What Does Deep Packet Inspection Mean?

Deep packet inspection (DPI) is a form of filtering used to inspect data packets sent from one computer to another over a network. DPI is a sophisticated method of packet filtering that operates at the seventh layer (the application layer) of the Open System Interconnection (OSI) reference model. The effective use of DPI enables its users to track down, identify, categorize, reroute or stop packets with undesirable code or data.


DPI is normally more effective than typical packet filtering, which inspects only the packet headers. DPI inspects the packet’s data part (and sometimes the packet header) when it goes over an inspection point, attempting to find protocol noncompliance, intrusions, spam, viruses or other predefined factors to determine whether the packet can pass or whether it must be directed to another location.

With DPI, organizations can boost their network management systems without investing heavily in core network technologies.

Deep packet inspection is also known as complete packet inspection and information extraction.

Techopedia Explains Deep Packet Inspection

DPI integrates the functions of an intrusion prevention system (IPS) and an intrusion detection system (IDS) with a conventional firewall. It is commonly used by communication engineers and service providers to manage network traffic. They can control network traffic by allocating valuable network resources to high-priority data packets and messages.

Despite its many benefits, DPI has the following limitations:

  • It is capable of producing new vulnerabilities in addition to protecting against the present types. Although it is successful against denial of service attacks (DoS attacks), buffer overflow attacks, and some kinds of malware, DPI could also be used to trigger those same types of attacks.
  • It increases the complexity and cumbersome character of firewalls as well as other security-based software.
  • It requires periodic updates and alterations to stay optimally efficient.
  • When DPI is implemented, the processor remains busy and ultimately cannot free its resources for other user applications. This adversely affects the speed of the computer.

DPI is being used by governments to monitor and protect territorial cyber boundaries. DPI has also been used to inspect user activities, to maintain the security of big local and wide area networks, and to block malware and suspicious software. In addition, service providers make use of DPI to keep track of customers’ Web-browsing habits. These customer details are then used by companies focused on targeted advertising.


Related Terms

Margaret Rouse
Senior Editor
Margaret Rouse
Senior Editor

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.