Deep Packet Inspection (DPI)

Advanced packet filtering for managing network traffic and security.

Woman checking Deep Packet Inspection


What is Deep Packet Inspection (DPI)?

Data sent over computer networks, such as the Internet, is divided into packets. The computer or other device that receives these packets then reassembles them. So a packet is a small segment of a larger message.

Deep Packet Inspection (DPI), is a type of network packet filtering. In other words, deep packet inspection can find, detect, classify, block, or reroute packets with specific code or data payloads that are not found, found, classified, blocked, or redirected by traditional packet filtering. Deep packet inspection, contrary to plain packet filtering, examines more than just packet headers.

Learning what is Deep Packet Inspection


How does DPI work?

As packets go across network boundaries, the data content is examined by the DPI. When it finds any content or code that is forbidden, it denies access. All this is happens on virtual gateways, like VPNs.

Network teams can select the permitted protocols using DPI consoles. Popular streaming services, gaming websites, messaging applications, and social networking platforms may have their data excluded for safety and productivity reasons. With a few clicks, managers may modify these exclusions and define user-specific rights. DPI may be included into network security software and is a versatile solution.

Scheme of how DPI works

Get the Core plan to enable Deep Packet Inspection (Lite)

NordLayer Core Plan


Benefits of NordLayer's DPI Lite

Enforcement of content policies

Enforcement of content policies

DPI Lite gives organization owners the option of deciding which applications/sites members can interact with while connected to their virtual private gateway. Owners may use DPI to block malicious sites, others may block file sharing sites, streaming, gambling or productivity-lowering apps and games. The use case for this feature is defined by the type of problem organization owners want to solve.

Block malicious content

Block malicious content

When paired with threat detection algorithms, deep packet inspection can be used to block malware before it compromises endpoints and other network assets. This means it can help filter out activity from ransomware, viruses, spyware, and worms. Even further, DPI Lite provides visibility across the network that can be analyzed to identify abnormal traffic patterns, alerting security teams to malicious behavior.


Deep Packet Inspection Use Cases in the industry

Checking why it is important to secure BYOD

Secure BYOD from threats

Deep packet inspection is vital if a business uses Bring Your Own Device (BYOD) computers for work. This prevents worms, spyware, and viruses from getting into the corporate network. Furthermore, the rules and policies defined by system admins, allows them to restrict certain protocols and pages to be opened within their network. DPI detects prohibited uses within approved applications and stops them.

Network admins checks how DPI ease the flow of network traffic

Ease the flow of network traffic

Network admins also employ deep packet inspection to facilitate the movement of network traffic. For instance, you can employ deep packet inspection to allow high-priority information to go ahead of other lower priority messages. Additionally, you can give mission-critical packets priority over regular browsing packets. Deep packet inspection can be used to throttle or reduce the data transmission rate if peer-to-peer downloads are giving you trouble.

Man learns how nordlayer dpi can fit to his business

Tailor-fit offerings for your customers

Deep packet inspection is another tool used by mobile service operators and other similar service providers to customize their services to specific customers. For example, record labels and other copyright holders can ask ISPs to use deep packet inspection to stop their content from being downloaded illegally.

Person researching how dpi prevents information leaking

Prevent information leaking

Deep packet inspection can assist enterprises in stopping information leaks, such as when emailing a private file. A user will not be able to submit a file successfully; rather, they will obtain guidance on how to gain the required authorization and clearance.

Man inspects how DPI can be used for eavesdropping and censorship

Eavesdropping and censorship

Deep packet inspection, like other technologies, may be employed for less than honorable objectives like eavesdropping and censorship. Deep packet inspection has been used by governments to monitor network activity within their nations and block websites and information that is detrimental to those governments' interests. This is how certain governments have been able to prohibit access to websites like Wikipedia, Google, and Facebook as well as pornographic, religious, and political dissenting content.


How to enable DPI Lite in NordLayer?

Enabling DPI Lite allows to select app and web categories to be blocked.

  1. Get Core or Premium plan with dedicated server

  2. Create Virtual Private Gateway in control panel

  3. Select DPI categories that you want to block on the gateway level

  4. Enjoy safe browsing!

Protect your business with NordLayer’s DPI

Protect your Business with NordLayer

With NordLayer's DPI you can choose from up to 250 categories of ports and protocols to block while being connected to your virtual private gateway.


Frequently asked questions

Stateful Packet Inspection (SPI) only evaluates packet header information, such as source IP address, destination IP address, and port number.

DPI goes a bit deeper and looks at a more comprehensive range of data and metadata associated with individual packets.