Network Security
Deep Packet Inspection (DPI)
Also known as: DPI, Content inspection
Definition
An inspection technique that examines the full payload of network packets — not just headers — to identify applications, content, and threats.
Examples
- An IPS detecting a Cobalt Strike beacon by matching a payload signature in HTTP traffic.
- An NGFW using DPI to classify traffic as Zoom or YouTube even when it runs over TCP/443.
Related terms
Next-Generation Firewall (NGFW)
An advanced firewall that combines stateful inspection with application awareness, integrated IPS, user-identity controls, and TLS inspection to enforce richer policies.
Intrusion Prevention System (IPS)
An inline security control that detects malicious traffic and actively blocks, resets, or scrubs it in real time.
Intrusion Detection System (IDS)
A passive security control that monitors network or host activity for malicious behaviour and raises alerts without blocking traffic.
Packet Filtering
A network-security technique that inspects each packet's header fields and allows or drops it based on a static ruleset.
Signature-Based Detection
A detection method that compares observed traffic, files, or behaviour against a database of known-bad patterns (signatures) to flag malicious activity.
SSL Stripping
A man-in-the-middle attack that silently downgrades a victim's HTTPS connection to plain HTTP so the attacker can read and modify the traffic.