DocumentCode :
690477
Title :
Performance of OpenDPI to identify truncated network traffic
Author :
Khalife, Jawad ; Hajjar, Amjad ; Diaz-Verdejo, Jesus
Author_Institution :
Faculty of Engineering, IT Department, Lebanese University, Beirut, Lebanon
fYear :
2011
fDate :
18-21 July 2011
Firstpage :
1
Lastpage :
6
Abstract :
The identification of the nature of the traffic flowing through a TCP/IP network is a relevant target for traffic engineering and security-related tasks. Traditional methods based on port assignments are no longer valid due to the use of ephemeral ports and ciphering. Despite the privacy concerns it raises, Deep Packet Inspection (DPI) is one of the most successful current techniques. Nevertheless, the performance of DPI is strongly limited by computational issues related to the huge amount of data it needs to handle, both in terms of the number of packets and the length of the packets. This paper addresses the sensitivity of OpenDPI, one of the most powerful freely available DPI systems, when truncation of the payloads of the monitored traffic is applied. The results show that it is highly dependent on the protocol being monitored.
Keywords :
Accuracy; Databases; Inspection; Optimization; Payloads; Ports (Computers); Protocols; Deep packet inspection; Network traffic identification; Payload truncation;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Data Communication Networking (DCNET), 2011 Proceedings of the International Conference on
Conference_Location :
Seville, Spain
Type :
conf
Filename :
6835777