
Deep packet inspection is useless when you’re talking about applications

Back in the early days of networking (when the pipes were small and dumb) the concept of “Deep Packet Inspection” started to bubble up the network stack. Deep Packet Inspection describes the ability of a networking device to fully inspect an Ethernet packet; essentially it’s the ability to examine the data in the payload that’s actually being transported across the network. This is a Very Good Thing because it allows myriad networking devices to perform interesting and useful functions like sniffing out malicious activity (attacks, attempted breaches) and, in many cases, stopping it.

It’s called Deep Packet Inspection, of course, because it’s based on the limited ability of network devices to inspect the flow of data: they were only able to do so on a packet-by-packet basis. That’s a problem when you start trying to examine application data, because that data is split into packets at the lowest layers of the network stack.
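To make the packet-by-packet limitation concrete, here is an added example (not code from the original post) that runs the same signature check two ways: once against each segment payload in isolation, and once against the reassembled byte stream. The request, the signature, the sequence numbers and the 56-byte segment size are all constructed for illustration.

```python
# Constructed sample data: not a real capture, not a real IDS signature.
REQUEST = b"POST /search HTTP/1.1\r\nHost: app.example\r\n\r\nq=1&cmd=DROP TABLE users"
SIGNATURE = b"cmd=DROP TABLE"  # hypothetical pattern an inspection device looks for


def split_into_segments(data, mss, isn=1000):
    """Cut application data into (sequence_number, payload) segments of at most mss bytes."""
    return [(isn + i, data[i:i + mss]) for i in range(0, len(data), mss)]


def inspect_per_packet(segments, signature):
    """Packet-by-packet inspection: each payload is examined on its own."""
    return any(signature in payload for _, payload in segments)


def reassemble(segments):
    """Rebuild the byte stream: order by sequence number, skip retransmitted bytes."""
    stream = bytearray()
    base = None
    for seq, payload in sorted(segments):
        if base is None:
            base = seq
        offset = seq - base
        if offset > len(stream):
            break  # gap in the stream: later bytes cannot be placed yet
        # Append only the bytes that extend past what is already reassembled.
        stream.extend(payload[len(stream) - offset:])
    return bytes(stream)


def inspect_stream(segments, signature):
    """Stream inspection: the signature is matched against the reassembled data."""
    return signature in reassemble(segments)


# Segments as a device might see them: out of order, with one retransmission.
_ordered = split_into_segments(REQUEST, mss=56)
SEGMENTS = [_ordered[1], _ordered[0], _ordered[0]]

if __name__ == "__main__":
    for seq, payload in sorted(set(SEGMENTS)):
        print(seq, payload)
    print("per-packet match:", inspect_per_packet(SEGMENTS, SIGNATURE))
    print("stream match:    ", inspect_stream(SEGMENTS, SIGNATURE))
```

The segment boundary falls inside the pattern, so neither payload contains it on its own; only the reassembled stream does.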