Deep Packet Inspection (DPI)

Deep packet inspection (DPI) examines the full content of network packets, not just header metadata, to identify, classify, or block traffic by application, signature, or policy. In a shipboard or port network it sits at the IT/OT boundary, often inside a firewall or intrusion-detection sensor, flagging malware command-and-control, unauthorized protocols reaching navigation or automation systems, or data exfiltration. DPI supports the segmentation that BIMCO and IMO MSC-FAL.1/Circ.3 recommend between business IT and operational technology. It trades privacy and processing overhead for visibility, so it is usually tuned to the constrained bandwidth of a vessel’s satellite link.