
Deep Packet Inspection
Network traffic analysis technology that reads packet content at the application layer, enabling selective blocking of encrypted communications and censorship without full network shutdown.
Last refreshed: 26 May 2026 · Appears in 1 active topic
Why is China's DPI hardware harder to reverse than a simple internet shutdown?
Timeline for Deep Packet Inspection
Mentioned in: Iran lifts record blackout, 2,093 hours
Iran Conflict 2026Arrived in Iran to enable a tiered switchable censorship system blocking encrypted traffic
Iran Conflict 2026: Iran buys China's internet control dialWhat is deep packet inspection and how does it differ from a VPN block?
Which countries use deep packet inspection to censor the internet?
How does deep packet inspection allow selective censorship without a total shutdown?
Background
Deep Packet Inspection (DPI) is a network-layer technology that examines the full content of data packets as they pass through a routing point, rather than reading only the header information that identifies origin and destination. Standard firewalls and VPN blockers work at the header level; DPI reaches the payload, allowing operators to identify, log, throttle, or block specific protocols, applications, or content streams even when they are encrypted. Because it can distinguish a VPN tunnel from legitimate HTTPS traffic or a Signal call from a WhatsApp video, DPI is qualitatively more powerful than coarser blocking methods: it permits granular, application-specific censorship without taking entire internet routes offline.
DPI has been deployed at national scale most extensively by China, whose 'Great Firewall' uses the technology to enforce granular platform blocking across 1.4 billion users. In 2009 China went further in Xinjiang, combining DPI with full network isolation to cut the region off from the global internet for nearly ten months following ethnic unrest, demonstrating that DPI infrastructure can be deployed either for selective filtering or as a precursor to total shutdown. Russia, Belarus, Kazakhstan, and Ethiopia have each deployed or procured DPI systems in recent years, and its use is documented in surveillance programmes in Western democracies for lawful interception under court authorisation.
In Iran's case, a member of the Supreme Council of Cyberspace confirmed in May 2026 that Chinese DPI hardware had already arrived, intended to replace the blunt wartime internet blackout with a tiered, switchable architecture. The transfer underlines DPI's dual character as both an infrastructure product and a geopolitical export: China's surveillance-technology companies supply hardware that embeds Chinese operational models into foreign state networks. Unlike a shutdown, a DPI-enabled tiered system is effectively irreversible once integrated into a national backbone, making it a durable governance tool rather than a temporary emergency measure.