Technology

Deep Packet Inspection

Network traffic analysis technology that reads packet content at the application layer, enabling selective blocking of encrypted communications and censorship without full network shutdown.

Last refreshed: 26 May 2026 · Appears in 1 active topic

Key Question

Why is China's DPI hardware harder to reverse than a simple internet shutdown?

Timeline for Deep Packet Inspection

#10823 May

Arrived in Iran to enable a tiered switchable censorship system blocking encrypted traffic

Iran Conflict 2026: Iran buys China's internet control dial

View full timeline →

Follow Iran Conflict 2026 →

Common Questions

What is deep packet inspection and how does it differ from a VPN block?: Deep Packet Inspection examines the full content of data packets, not just routing headers. It can identify encrypted VPN tunnels, specific apps, and communication protocols and block or throttle them individually. A standard VPN block only filters by IP address or port; DPI defeats most consumer VPNs by reading the traffic's signature.
Which countries use deep packet inspection to censor the internet?: China operates the most extensive DPI censorship system, the 'Great Firewall'. Russia, Belarus, Kazakhstan, Ethiopia, and Iran have all deployed or procured DPI infrastructure. China used DPI to isolate Xinjiang entirely for ten months in 2009, and Iran confirmed receiving Chinese DPI hardware in May 2026.Source: Freedom House / NetBlocks
How does deep packet inspection allow selective censorship without a total shutdown?: DPI lets operators define rules by application, content type, or user class. A government can block Signal for the general public while permitting it for officials, or throttle VPNs while keeping banking traffic clear, all without taking entire network routes offline.
Why is Iran buying Chinese deep packet inspection technology?: Iran is designing a tiered internet system that would allow selective censorship without the blunt total blackouts used since March 2026. A member of Iran's Supreme Council of Cyberspace confirmed in May 2026 that Chinese DPI hardware had already arrived, modelling the architecture on China's 2009 Xinjiang internet isolation.Source: Lowdown reporting
Can deep packet inspection be reversed once installed in a national network?: DPI infrastructure, once integrated into a national backbone, is technically difficult and politically costly to remove. Unlike a switch-off of routing tables, DPI systems are woven into hardware at exchange points and require active decision-making to dismantle, making them effectively permanent governance tools.

Background

Deep Packet Inspection (DPI) is a network-layer technology that examines the full content of data packets as they pass through a routing point, rather than reading only the header information that identifies origin and destination. Standard firewalls and VPN blockers work at the header level; DPI reaches the payload, allowing operators to identify, log, throttle, or block specific protocols, applications, or content streams even when they are encrypted. Because it can distinguish a VPN tunnel from legitimate HTTPS traffic or a Signal call from a WhatsApp video, DPI is qualitatively more powerful than coarser blocking methods: it permits granular, application-specific censorship without taking entire internet routes offline.

DPI has been deployed at national scale most extensively by China, whose 'Great Firewall' uses the technology to enforce granular platform blocking across 1.4 billion users. In 2009 China went further in Xinjiang, combining DPI with full network isolation to cut the region off from the global internet for nearly ten months following ethnic unrest, demonstrating that DPI infrastructure can be deployed either for selective filtering or as a precursor to total shutdown. Russia, Belarus, Kazakhstan, and Ethiopia have each deployed or procured DPI systems in recent years, and its use is documented in surveillance programmes in Western democracies for lawful interception under court authorisation.

In Iran's case, a member of the Supreme Council of Cyberspace confirmed in May 2026 that Chinese DPI hardware had already arrived, intended to replace the blunt wartime internet blackout with a tiered, switchable architecture. The transfer underlines DPI's dual character as both an infrastructure product and a geopolitical export: China's surveillance-technology companies supply hardware that embeds Chinese operational models into foreign state networks. Unlike a shutdown, a DPI-enabled tiered system is effectively irreversible once integrated into a national backbone, making it a durable governance tool rather than a temporary emergency measure.

Source Material

Freedom on the Net Deep packet inspection

How the World Sees Them

China

Beijing exports DPI as an infrastructure product; its adoption by Iran reflects the spread of the Chinese internet-governance model as a diplomatic and commercial offering.

Iran (government)

Tehran frames DPI procurement as sovereignty infrastructure, promising selective control without total blackouts that damage commerce and diplomatic credibility.

United States / EU

Western governments treat DPI exports from China as dual-use surveillance technology and have moved toward sanctions frameworks targeting Chinese hardware suppliers involved in repressive deployments.

Iran (civil society)

Activists and journalists regard DPI deployment as the institutionalisation of censorship, arguing it will make any post-conflict internet liberalisation much harder to achieve.