42 - IT-S Information Technology - Security and Audit
IT-S 170 - Deep Packet Inspection (DPI)
Code | Start Date | Duration | Venue | |
---|---|---|---|---|
IT-S 170 | 14 October 2024 | 7 Days | Istanbul | Registration Form Link |
IT-S 170 | 11 November 2024 | 7 Days | Istanbul | Registration Form Link |
Course Description
Deep Packet Inspection (DPI) is a type of network packet filtering. It evaluates both the header and the data part of a packet as it passes through an inspection point, checking for protocol non-compliance, spam, viruses, intrusions, and any other defined criteria, and blocks packets that match from passing through the inspection point. DPI can examine the contents of a message and identify the specific application or service that sent it. In addition, filters can be programmed to look for and reroute network traffic from a specific Internet Protocol address range or a certain online service.
Course Objectives
- Understand the concept of legal monitoring in telecommunication systems
- Understand methods of traffic capturing and analyzing
- Be aware of technical requirements for supervision
- Be acquainted with opportunities for operators and service providers
Who Should Attend?
- R&D specialists
- Network designers & integrators
- Network/system administrators & operators
- Professional services & consultants
Course Details/Schedule
Day 1
- Shallow Packet Inspection (SPI)
- The structure of IP Headers
- Packet filtering firewalls, static packet filtering
- Stateful firewalls, stateful packet inspection, dynamic packet filtering
- Berkeley Packet Filter (eBPF)
- What is Berkeley Packet Filter?
- Raw interfaces
- Classic BPF (cBPF) / Extended BPF (eBPF) differences
- BPF Syntax
- LAB: Capture traffic using BPF filters
Day 2
- Deep Packet Inspection (DPI)
- What is deep packet inspection?
- How does DPI work?
- DPI use cases
- DPI technologies
- Challenges of DPI
- Open Source DPI toolkits
- High-Speed Web-based Traffic Analysis and Flow Collection using ntopng
- High-speed packet capture, filtering and analysis using PF_RING
- An Extensible NetFlow v5/v9/IPFIX Probe for IPv4/v6: nProbe
- Open and Extensible LGPLv3 Deep Packet Inspection Library: nDPI
- LAB: Installing and using ntopng
- LAB: Using PF_RING to capture packets
- LAB: Using nDPI on top of ntop / nProbe
Day 3
- Circumventing DPI
- Passive vs Active DPI
- Check for DPI filtering
- LAB: Using Zapret to circumvent DPI
- LAB: Using GoodbyeDPI to circumvent DPI
- Netfilter Hooks
- What are netfilter hooks?
- Nftables families
- Base chain types / hooks
- Adding / deleting / flushing chains
- LAB: Filtering traffic locally
Day 4
- Payload Inspection
- Using nDPI for payload inspection
- Using Wireshark for payload inspection
- Data Plane Development Kit (DPDK)
- Using nDPI over DPDK
Day 5
- SSL/TLS Offloading
- What is SSL/TLS Offloading?
- When offloading is necessary
- Using Nginx as an SSL-Offloader
Day 6
- Practical Demonstration
Day 7
- Technical field visit