DEEP PACKET INSPECTION
NatSys DPI is a lightweight high performance software solution for
low-end standard x86-64 servers to analyze and modify network traffic.
The total cost of the solution is very low. This is achieved by high-performance
software architecture, such that it's capable to handle multi-gigabit traffic with
millions packets per second on low-end standard hardware.
The system works in very restricted environment, but still accurately assembles
TCP stream and provides access to all network layers for analyzing and altering
We offer the solution customization and performance
optimizations for special client needs.
- Behavioral targeting - "Know your customer" is the key for any business:
it's better to show your site content or advertisement to a user depending
on their interests. DPI gathers and prepares data about user behavior which
provides valuable information about your clients' preferences.
While Web-server logs also provides data which can be used to generate
user profiles, the data is incomplete because it's limited by only one
server. Meantime DPI gives knowledge about real user activity among
many Web-resources. Complete user profile and their browsing history
are invaluable for on-line market research, building
advertising networks and feeding to Sell Side Platform (SSP)
and Data Management Platform (DMP)
of full Real-Time Bidding (RTB) system.
User profile data can be stored on
back-end server (collector) or sent to any remote peer for further analysing.
- On-line advertising - sometimes a user can make a mistake in typing
resource name in his or her browser, a server can return error code due to
overloading or internal issue. In all the cases the user can get your
advertisement instead of looking at annoying "Server is temporary unavailable"
page. This can be done using
DPI interstitials redirects.
- Software-defined networking (SDN) - DPI technology is widely used
to build SDNs. Our DPI solution can be used to build control or data planes
of SDN. Also Flow control module provides Quality
of service (QoS) functionality driven by fine-grained rules.
- Security - DPI is common platform to build
data leakage protection (DLP), intelligent Web-content filtering,
intrusion detection (IDS) or prevention (IPS) systems.
Inline Operation Mode
In inline mode DPI works as common Linux router which can actively filter and
perform deep modifications of traffic on all layers. One of the possible case for
the mode is user flow control, depicted on the image below.
DPI inline mode achieves fault tolerance using bypass network adapters
or standard Linux router failover.
Active Sniffer Operation Mode
In active sniffer operation mode the system can analyze and log traffic
and it's still able to make DNS and HTTP redirects.
DPI in active sniffer mode can be used as shown on the picture below to perform
Interstitial redirects are useful to confirm the user's age prior
to showing age-restricted material, to notify the user about service limitations
or to display advertisements.
DPI can redirect user requests depending on:
- user settings (once per N seconds or requests)
- matching request URI to set of regular expressions
- 400 or 500 HTTP errors
- absence of corresponding DNS record
- custom policy loaded in run-time from Policy Server
Example of interstitial redirect in inline mode:
In sniffing mode redirects still can be made:
DPI works as a common Linux router with traffic control option.
It limits traffic by TCP/UDP ports and/or IPv4/IPv6 addresses and sub-networks.
Control policy can be updated by Policy Server in run-time.
DPI can send (in proxy mode) or store (in configurable representation)
extract of user traffic (clickstream) depending on custom rules.
In proxy mode Cisco RDRv1 or BER ASN.1 formats are supported.
The rules can specify values of particular HTTP headers or user addresses,
i.e. only traffic which matches the rules are captured.
DPI provides very flexible and easy to use configuration for traffic extraction rules.
Also clicksream can be compressed and/or encrypted on-the-fly.
contact with us