- 6 Minutes to read
Deep Packet Inspection (DPI) Lite
- 6 Minutes to read
What is Deep Packet Inspection (DPI) (Lite)?
Deep Packet Inspection (DPI) (Lite) is a security feature that allows Organization Admins to block specific ports and protocols from being accessed while connected to your organization’s Virtual Private Gateway.
For example, you can use DPI to block specific messaging services like Snapchat or Viber and peer-to-peer file-sharing apps like Stealthnet or Thunder.
How to enable DPI (Lite)?
- Go to Control Panel → Network → Servers or Gateways. Choose the dedicated server, click Configure next to it, and select Deep Packet Inspection (Lite) from the dropdown menu;
In the request form, select which ports and protocols you want to inspect and block. With NordLayer, you can choose from up to 400 ports and protocols (find the list below);
Once you’re done, click on Request Deep Packet Inspection. Please allow up to 24 hours for the feature to be enabled. You will get an email with the confirmation once it’s ready.
What can you block with DPI (Lite)?
NordLayer allows you to choose from up to 400 ports and protocols to inspect and block. Here are they, listed in alphabetical order:
Category | Ports and Protocols |
---|---|
AdTech | Ads Analytics Track |
Adult Content | Adult Content |
Amazon Alexa Services | Amazon Alexa |
Apple Services | Apple TV Plus, iCloud Private Relay, iCloud, iTunes, Push, Siri, Store |
Authentication, Authorization, and Accounting Protocol | Diameter |
Border Gateway Protocol | BGP |
CAPWAP Protocol | CAPWAP |
Client-server RPC Protocol | RX |
Collaboration Software | GoTo |
Common Object Request Broker Architecture Systems | CORBA |
Constrained Application Protocol | CoAP |
Content-hosting Service | Pastebin |
Crypto | Cryptocurrencies (Bitcoin, Ethereum, Monero) and Mining |
Cybersecurity Services | Avast, Avast Secure DNS, CyberSec, FortiClient |
Distributed Network Protocol 3 | DNP3 |
Distributed Relational Database Architecture | DRDA |
DNS Services | DHCP, DNS, mDNS, OpenDNS |
Dynamic Host Configuration Protocol Version 6 | DHCPv6 |
E-commerce | Alibaba, Amazon, eBay |
EAQ Protocol | EAQ |
Email Client Protocol | POP3, POPS |
Exterior Gateway Protocol | EGP |
File Sharing | Dropbox, FTP (Control and Data), MS OneDrive, Rsync, TFTP |
Financial Information eXchange Protocol | FIX |
Free Online Encyclopedia | Wikipedia |
Gaming | CryNetwork, Dota 2, Electronic Arts, Epic Games, Gaijin Entertainment, GeForce Now, Heroes of the Storm, NVIDIA, Raft, RakNet, Riot Games, Roblox, Source Engine, Steam Datagram Relay, Toca Boca, Activision, Among Us, Armagetron, CrossFire, Dofus, Genshin Impact, Guild Wars, Half-Life 2, MapleStory, Nintendo, PlayStation, Play Store, StarCraft, Steam, Warcraft 3, World of Kung Fu, World of Warcraft, Xbox |
General-purpose Distributed Memory-caching System | Memcached |
Generic Routing Encapsulation Protocol | GRE |
Google Services | Google Chat, Google Classroom, Google Cloud, Google Meet, Data Saver, Gmail, Google, Google Docs, Google Drive, Google Maps, Google Services, Waze |
GPRS Tunneling Protocol | GTP |
GSMA Accredited Global Mobile Network | Truphone |
H. 248 Media Gateway Control Protocol | Megaco |
High-speed Web-based Traffic Analysis | ntopng |
Hypertext Transfer Protocol | HTTP, HTTP2, WebDAV, DoH/DoT, HTTP CONNECT and HTTP Proxy |
IEC60870 Communication Protocol | IEC60870 |
Infrastructure/Networking | AliCloud, Amazon AWS, Beckhoff ADS, Cassandra, Ceph, CIP (Common Industrial Protocol), Cloudflare Warp, Controller Area Network (CAN), DCERPC (Distributed Computing Environment / Remote Procedure Call), Ethernet/IP, Ether-S-Bus, EthersIO, FastCGI, FINS (Fieldbus Interface Specification), FTPS (File Transfer Protocol Secure), Gearman, GTP-C (GPRS Tunneling Protocol Control Plane), GTP' (GPRS Tunneling Protocol Prime), GTP-U (GPRS Tunneling Protocol User Plane), HAProxy, HART-IP (Highway Addressable Remote Transducer over IP), HiSLIP (High-Speed LAN Instrument Protocol), HL7 (Health Level 7), HP Virtgrp (HP Virtual Group), HSRP (Hot Standby Router Protocol), I3D, IEC 62056 (International Electrotechnical Commission standard for electricity metering), IEEE C37.118 (Standard for Synchrophasors for Power Systems), IP PIM (Internet Protocol Protocol Independent Multicast), ISO 9506-1 MMS (Manufacturing Message Specification), KCP (Kademlia Control Protocol), Kismet, Meraki Cloud, NAT-PMP (Network Address Translation - Port Mapping Protocol), OCSP (Online Certificate Status Protocol), OPC UA (OPC Unified Architecture), OpenFlow, PGM (Pragmatic General Multicast), PROFINET IO, PTPv2 (Precision Time Protocol version 2), RESP (REdis Serialization Protocol), RMCP (Remote Management Control Protocol), Roughtime, RTPS (Real-Time Publish-Subscribe), S7commPlus, Service Location Protocol (SLP), SRTP (Secure Real-time Transport Protocol), TP-Link SHP, VXLAN (Virtual Extensible LAN), Yojimbo, Z39.50, Cisco Skinny, Citrix, Cloudflare, CPHA (Checkpoint High Availability), DTLS (Datagram Transport Layer Security), MSSQL-TDS (Microsoft SQL Server Tabular Data Stream), NATS, SOAP (Simple Object Access Protocol), Targus DataSpeed, TLS (Transport Layer Security), VMware, and WSD (Web Services Dynamic Discovery) |
Inter-Asterisk eXchange | IAX |
Internet Control Message Protocol | ICMP, ICMPv6 |
Internet Group Management Protocol | IGMP |
Internet Message Access Protocol | IMAP, IMAPS |
Internet Printing Protocol | IPP |
Internet Protocol Security | IPsec |
IP Tunneling Protocol | IP in IP |
IPv6 Transition Protocol | Teredo |
IT Infrastructure Monitoring Software | Checkmk |
Lightweight Directory Access Protocol | LDAP |
Link-Local Multicast Name Resolution Protocol | LLMNR |
Locator ID Separation Protocol | LISP |
Lotus Notes Web Service Protocol | LotusNotes |
Machine to Machine Network Protocol | MQTT |
Meeting and Calling Software | Fuze |
Messaging Protocol/Services | Line, Line Call, Stomp, Telegram VoIP, Threema, AMQP, IMO, QQ, Signal, Slack, Telegram, Viber, WeChat, WhatsApp, WhatsApp Call, WhatsApp Files |
Microsoft Services | Azure, Outlook, Microsoft (General), Microsoft 365, MySQL, Teams, Windows Update |
Mobile Virtual Network Operator | Tuenti |
Monitoring/SCIM | Munin |
NetFlow Protocol | Netflow |
Network Authentication Protocol | Kerberos |
Network Basic Input/Output System | Netbios |
Network File System Protocol | NFS |
Network Time Protocol | NTP |
News and Email Services | Yahoo |
News Services | AFP, Bloomberg, CNN |
Ookla Speedtest Protocol | Ookla |
Open Collaboration Services API | OCS |
Open Shortest Path First Routing Protocol | OSPF |
OpenID-based Single Sign-on Service | UbuntuOne |
Oracle Services | Oracle |
Other | BACnet, CacheFly, Crashlytics, MS-RPCH, Pluralsight, TeslaServices, UMAS, Xiaomi, NestLogSink |
Peer-to-peer File Sharing | Syncthing, UFTP, BitTorrent, eDonkey, Gnutella, Kontiki, Pandora, TVUPlayer |
Printer Protocol | BJNP |
Protocol that Authenticates Communications | DNSCrypt |
Quick UDP Internet Connections Protocol | QUIC |
Real Time Streaming Protocol | RTSP |
Real-Time Messaging Protocol | RTMP |
Real-time Transport Protocol | RTP |
Relational Database Management System | PostgreSQL |
Remote Access | JSON-RPC, NoMachine, Radmin, RSH, AnyDesk, RADIUS, RDP, TeamViewer, VNC |
RTP Control Protocol | RTCP |
SaaS CRM | Salesforce |
Sampling Technology for Network Monitoring | SFlow |
SAP Services | SAP |
Scalable Service-Oriented Middleware over IP | SOMEIP |
Secure Shell Protocol | SSH |
Secure Simple Mail Transfer Protocol | SMTPS |
Serial Communication Protocol | Modbus |
Server Message Block Application Layer Network Protocol | SMBv1 |
Session Traversal Utilities for NAT Protocol | STUN |
Short Message Peer-to-Peer Protocol | SMPP |
Siemens S7 Communication Protocol | S7comm |
Simple Mail Transfer Protocol | SMTP |
Simple Network Management Protocol | SNMP |
Simple Service Discovery Protocol | SSDP |
Skype-like Services in China | VHUA |
Social Media | Badoo, Facebook VoIP, Facebook Reel Story, Likee, OICQ, Sina, Sina Weibo, Tencent, Tencent Games, Tencent Video, VK, Discord, Facebook, Instagram, IRC, KakaoTalk, KakaoTalk Voice, Last.fm, LinkedIn, Messenger, Pinterest, Reddit, Snapchat, Snapchat Call, TikTok, Tumblr, Twitter |
Socket Secure Network Protocol | SOCKS |
Software Development | Elasticsearch, GitLab, Kafka, Protocol Buffers (Protobuf), Thrift, Tuyalp, AJP, Git, GitHub, MongoDB |
Stream Control Transmission Protocol | SCTP |
Streaming Services | 1kxun, Dailymotion, DAZN, DIRECTV, Edgecast, HBO, iHeartRadio, Livestream, MPEG-DASH, Showtime, SiriusXM Radio, Tidal, TiVo Connect, TuneIn, Vimeo, Vudu, Amazon Video, Deezer, Disney+, Hulu, Icecast, iFlix, Netflix, PPStream, SoundCloud, Spotify, Twitch, Vevo, YouTube, YouTube Upload, Zattoo |
Syslog Protocol | Syslog |
System Statistics Collection Daemon | Collectd |
Telnet Protocol | Telnet |
Tool to Monitor IT Infrastructure | Zabbix |
UBNTAC2 Protocol | UBNTAC2 |
Usenet Protocol | Usenet |
Video Conferencing, Cloud Calling & Screen Sharing | Webex |
Virtual Router Redundancy Protocol | VRRP |
VoIP Protocol | Mumble, SD-RTN, SignalVoIP, Skype Teams, Skype Teams Call, H.323, Jabber, MGCP, MPEG-TS, NoE, SIP, TeamSpeak, Zoom |
VPN Services | Mullvad, OperaVPN, Private Internet Access, ProtonVPN, Psiphon, SoftEther, Tailscale, TunnelBear, UltraSurf, CiscoVPN, Hotspot Shield, OpenVPN, PPTP, Tinc, Tor, WireGuard |
Weather Service | AccuWeather |
WebSocket Protocol | WebSocket |
WHOIS Query and Response Protocol | WHOIS-DAS |
Windows SMB v2/v3 Protocol | SMBv23 |
X Display Manager Control Protocol | XDMCP |
Yandex Services | Cloud, Direct, Disk, Mail, Market, Metrika, Music |
ZeroMQ Message Transport Protocol | ZeroMQ |
Note: In case you have any questions or are experiencing any issues, please feel free to contact our 24/7 customer support team.