Hi all,
This may be a bit of a loaded question. I'd like to have a better understanding of DPI (deep packet inspection). I'm asking from an IT admin point of view, not a developer's perspective.
So DPI is pretty granular: it can identify, for example, LogMeIn traffic, even though from a protocol perspective it's just TCP/TLS traffic. I keep hearing that it looks at the signature, but no one can tell me what this magic signature is. I have wiresharked LogMeIn (and other types of) traffic, and I don't see anything in the packets to uniquely distinguish/identify this traffic.
What is this signature? Who creates it? Is there an RFC requiring vendors to place a signature on their traffic? Where can I see this signature when I look inside a Wireshark packet? Does each and every packet (starting from the first SYN) have this signature?