A small talk on DPI and bypassing DPI


Aug 22, 2013
With information being the gold currency and the deprivation of it considered inhumane, we have seen a tremendous growth in the field of networked devices, and it brought its own problems with it. In the last few years, there has been extensive debate and discussion around network neutrality. The fact that the issue of net neutrality has managed to attract wide public attention is an encouraging sign for a free and open Internet. Traditionally, the network did not distinguish between those who provided content and those who were recipients of this service; in fact, often the users also functioned as content providers. The architectural design of the Internet mandated that all content be broken down into data packets which were transmitted through nodes in the network transparently from the source machine to the destination machine. The Internet's architectural design, which mandates that network features are implemented at the end points only (destination and source machine), i.e. at the application level, is called the 'end to end principle'. This means that the intermediate nodes do not differentiate between the data packets in any way based on source, application or any other feature and are only concerned with transmitting data as fast as possible, thus creating what has been described as a 'dumb' or neutral network.

While the above model speaks of a dumb network not differentiating between the data packets that travel through it, in truth, the network operators engage in various kinds of practices that prioritise, throttle or discount certain kinds of data packets. Deep packet inspection (DPI) enables the examination of the content of a data packet being sent over the Internet. For instance, if the activity in question is accessing a webpage, the web-browser makes a request to access a page which is then passed on to the lower layers. The next layer is the Presentation Layer which deals with the format in which the data is presented. This layer performs encryption and compression of the data. In the above example, this would involve asking for the HTML file. Next comes the Session Layer which initiates, manages and ends communication between the sender and receiver. In the above example, this would involve transmitting and regulating the data of the webpage including its text, images, or any other media. These three layers are part of the 'payload' of the data packet.

The next four layers are part of the 'header' of the data packet. It begins with the Transport Layer which collects data from the Payload and creates a connection between the point of origin and the point of receipt and assembles the packets in the correct order. In terms of accessing a webpage, this involves connecting the requesting computer system with the server hosting the data and ensuring the data packets are put together in an arrangement which is cohesive when they are received. The next layer is the Data Link Layer. This layer formats the data packets in such a way that they are compatible with the medium being used for their transmission. The final layer is the Physical Layer which determines the actual media used for transmitting the packets.

Generally, there are three broad categories of packet inspection - shallow, medium, and deep. Shallow packet inspection involves the inspection of only the header, and usually checking it against a blacklist. The focus in this form of inspection is on the source and destination (IP address and packet's port number). This form of inspection primarily deals with the Data Link Layer and Network Layer information of the packet. Shallow Packet Inspection is used by firewalls.

Medium Packet Inspection involves equipment existing between computers running the applications and the ISP or Internet gateways. They use application proxies where the header information is inspected against their loaded parse-list and used to look at a specific flow. These kinds of inspection technologies are used to look for specific kinds of traffic flows and take pre-defined actions upon identifying them. In this case, the header and a small part of the payload are also being examined.

Finally, Deep Packet Inspection (DPI) enables networks to examine the origin, destination as well as the content of data packets (header and payload). These technologies look for protocol non-compliance, spam, harmful code or any specific kinds of data that the network wants to monitor. The feature of the DPI technology that makes it an important subject of study is the different uses it can be put to. The use cases vary from real time analysis of the packets to interception, storage and analysis of contents of a packet.


Some software solutions for bypassing DPI (other than VPN solutions)
1. Adguard 7.10 Beta 1
[Enhancement] Add an DPI-bypass option to AdGuard Stealth Mode #4175

Let’s see what Deep Packet Inspection is. Well, it is a system of deep analysis and filtering of traffic by packet content, as well as the accumulation of statistical data. In this way, internet service providers have the ability to control the passing traffic and thereby limit access to the content for their clients.

Now AdGuard can modify outgoing packet data so that the client does not fall under the DPI blocking criteria. This means that users can avoid blocking and get access to the content they want. However, not in all cases DPI-systems can be bypassed. We are actively trying to fix this.

Remember we promised a lot of updates? Here's another one!
2. GoodbyeDPI — Deep Packet Inspection circumvention utility
3. GUI for Goodbye DPI
4. Green Tunnel
5. zapret
Further readings
GDPI: Signature based Deep Packet Inspection using GPUs
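
The difference between shallow and deep inspection described in the post, shown as an added example that is not part of the original post: a header-only check and a payload-aware check run over the same packets. The blocklists, addresses (documentation ranges), hostnames and function names are constructed for illustration, and only plaintext HTTP is handled.

```python
import socket
import struct

# Constructed policy: documentation-range address and example hostname.
BLOCKED_IPS = {"203.0.113.10"}
BLOCKED_HOSTS = {"blocked.example"}

def build_packet(src, dst, dport, payload):
    """Assemble a minimal IPv4+TCP packet (checksums zeroed) as sample input."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse(pkt):
    """Return (destination IP, TCP payload); reject malformed input."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("truncated header")
    data_off = max((pkt[ihl + 12] >> 4) * 4, 20)  # TCP header is at least 20 bytes
    return socket.inet_ntoa(pkt[16:20]), pkt[ihl + data_off:]

def shallow_inspect(pkt):
    """Header-only decision: destination address against a blocklist."""
    dst, _payload = parse(pkt)
    return "block" if dst in BLOCKED_IPS else "allow"

def deep_inspect(pkt):
    """Header plus payload: also read the HTTP Host header, if one is present."""
    if shallow_inspect(pkt) == "block":
        return "block"
    payload = parse(pkt)[1]
    for line in payload.split(b"\r\n")[1:]:
        if not line:  # blank line ends the HTTP header section
            break
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower().split(":")[0]
            return "block" if host in BLOCKED_HOSTS else "allow"
    return "allow"

# Constructed traffic: same client, one listed IP, one unlisted IP hosting two sites.
REQ = b"GET / HTTP/1.1\r\nHost: %s\r\n\r\n"
PKT_LISTED_IP = build_packet("198.51.100.7", "203.0.113.10", 80, REQ % b"ok.example")
PKT_SHARED_IP = build_packet("198.51.100.7", "203.0.113.20", 80, REQ % b"blocked.example")
PKT_CLEAN = build_packet("198.51.100.7", "203.0.113.20", 80, REQ % b"ok.example")
```

`PKT_SHARED_IP` is the case that separates the two: its headers match nothing on the address list, so only the payload-aware check reaches a decision about the hostname.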