NO2ID

http://www.wired.co.uk/news/archive/201 ... tion-works

How deep packet inspection works
By Duncan Geere
27 April 12

The phrase "deep packet inspection" has been cropping up quite a bit, of late, particularly with regard to the UK government's proposed web surveillance plans. But what is it, how does it work, and why should you worry about it?

...

There are two major issues with deep packet inspection, however. The first is that it might not be legal, and the second is that it's trivial to circumvent.

The Regulation of Investigatory Powers Act 2000 (which is the act that was amended following the European Commission's legal action) clearly states that the interception of telecommunications is an offence if transmissions are monitored "as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication". Given that the uniqueness of the information gathered through deep packet inspection is enough to build up a profile of usage data, one could argue that this constitutes "interception" and is therefore a criminal offence. However, the language in the act is broad and so far, there's little precedent on either side.

As for the second problem, there are hundreds of services on the web offering encryption for your communications. It's far harder for deep packet inspection systems to dig into secured communications, so if you can create a secure "tunnel" between your computer and a server outside your ISPs network (known as a VPN, in this case), then any data that you send through will be much more difficult (read: not really worth the hassle, unless you're doing something seriously illegal) for your ISP to access.

Ultimately, there are both perfectly legitimate and very troublesome applications of deep packet inspection technology. It makes your Skype calls and YouTube videos play smoothly, and stops your grandparents getting a virus on their laptop, but it can also be used by ISPs selling your data to advertising companies or to block you from accessing certain, politically-troublesome, websites.

...

Excuse me ?

I'm an IT professional and this is some new use of deep packet inspection with which I am unfamiliar, could someone enlighten me as to how opening TCP/IP packets on the fly to examining their contents can make skype and youtube play more smoothly or prevent people getting a virus ?

Sounds like a confusion with Quality-of-Service for the first bit, and I-don't-know-what for the anti-virus.
If you see an answer to your comment on the article, let us know!

As I understand it, QoS is a somewhat mechanical process which uses information in the packet header to sort data into queues of different priority and is unaware of the packet contents.
Anti-virus normally buffers things in order to scan them, and normally does this at points where e.g. emails are stored/queued, so again not examining the individual data packets on the network, but working on the complete item once it has arrived. There are some which do a sort of on-the-fly scan, but these are still not at the data-packet level (that I know of).

QoS can only happen with TCP/IP header inspection as that denotes the protocol, source and destination information allowing particular services to be prioritised. The packet contents are irrelevant.

Skype encrypts ALL voice, video and instant messages using (a minimum of) AES-256 encryption making DPI pointless.