Deep Packet Inspection

Network equipment that examines packet contents beyond headers.

Definition

Deep Packet Inspection (DPI) technology examines the full content of network packets, not just routing headers. This enables sophisticated filtering based on protocols, content patterns, and application signatures.

DPI is the foundation of advanced censorship systems, enabling SNI filtering, protocol detection (blocking VPN protocols), and content-based filtering. It requires significant infrastructure investment but enables precise, evasion-resistant censorship.

How We Detect This

We identify DPI through behavioral analysis: testing for protocol-specific blocking, examining how connections fail (RST timing, injected responses), and detecting signature-based blocking patterns. Inconsistent blocking that varies by packet content rather than destination indicates DPI presence.

Examples

•VPN protocols blocked regardless of destination
•Connections reset mid-stream based on content
•Protocol obfuscation required to bypass blocks

Related Terms

SNI Filtering

Sources

GFW Technical Analysis

All Terms

DNS Blocking SNI Filtering HTTP Blocking IP Blocking Throttling Network Shutdown Platform Block Collateral Damage Deep Packet Inspection