42 - IT-S Information Technology - Security and Audit


IT-S 170 - Deep Packet Inspection (DPI)

Code      Start Date         Duration   Venue
IT-S 170  22 August 2022     5 Days     Istanbul
IT-S 170  17 October 2022    5 Days     Istanbul
IT-S 170  12 December 2022   5 Days     Istanbul
Please contact us for fees

 

Course Description

Deep Packet Inspection (DPI) is a type of network packet filtering. It evaluates both the header and the data part of a packet as it is transmitted through an inspection point, checking for protocol non-compliance, spam, viruses, intrusions, and any other defined criteria, and blocking packets that match from passing through the inspection point. DPI can examine the contents of a message and identify the specific application or service that sent it. In addition, filters can be programmed to look for and reroute network traffic from a specific Internet Protocol address range or a certain online service.

Course Objectives

  • Understand the concept of legal monitoring in telecommunication systems
  • Understand methods of traffic capturing and analyzing
  • Be aware of technical requirements for supervision
  • Be acquainted with opportunities for operators and service providers

Who Should Attend?

  • R&D specialists
  • Network designers & integrators
  • Network/system administrators & operators
  • Professional services & consultants

Course Details/Schedule

Day 1

  • Shallow Packet Inspection (SPI) 
  • The structure of IP Headers 
  • Packet filtering firewalls, static packet filtering 
  • Stateful firewalls, stateful packet inspection, dynamic packet filtering
  • Berkeley Packet Filter (eBPF)
  • What is Berkeley Packet Filter? 
  • Raw interfaces 
  • Classic BPF (cBPF) / Extended BPF (eBPF) differences 
  • BPF Syntax 
  • LAB: Capture traffic using BPF filters 

Day 2

  • Deep Packet Inspection (DPI) 
  • What is deep packet inspection? 
  • How does DPI work?
  • DPI use cases 
  • DPI technologies 
  • Challenges of DPI 
  • Open Source DPI toolkits 
  • High-Speed Web-based Traffic Analysis and Flow Collection using ntopng
  • High-speed packet capture, filtering and analysis using PF_RING
  • An Extensible NetFlow v5/v9/IPFIX Probe for IPv4/v6: nProbe
  • Open and Extensible LGPLv3 Deep Packet Inspection Library: nDPI
  • LAB: Installing and using ntopng 
  • LAB: Using PF_RING to capture packets
  • LAB: Using nDPI on top of ntop / nProbe

Day 3

  • Circumventing DPI 
  • Passive vs Active DPI 
  • Check for DPI filtering 
  • LAB: Using Zapret to circumvent DPI 
  • LAB: Using GoodbyeDPI to circumvent DPI
  • Netfilter Hooks 
  • What are netfilter hooks?
  • nftables families
  • Base chain types / hooks 
  • Adding / deleting / flushing chains
  • LAB: Filtering traffic locally 

Day 4

  • Payload Inspection 
  • Using nDPI for payload inspection
  • Using Wireshark for payload inspection
  • Data Plane Development Kit (DPDK)
  • Using nDPI over DPDK 

Day 5

  • SSL/TLS Offloading 
  • What is SSL/TLS Offloading?
  • When offloading is necessary 
  • Using Nginx as an SSL-Offloader