In a typical network, a network service provider may facilitate the communication of data between multiple parties over the network. For example, email data, multimedia data, video game data, telephonic data, e-commerce data, and any other desired data may be communicated among users of the network. By inspecting the network traffic, much information may be learned about the network, the data traversing the network, and the parties communicating the data. This information may then be used for targeting advertising, enforcing copyrights, detecting viruses, providing tiered network services, etc.
A number of techniques are known for inspecting network traffic. For example, a network service provider may implement a deep-packet inspection (“DPI”) appliance in a network router that connects the service provider's local network to multiple customers' access networks via a digital subscriber line access multiplexer (“DSLAM”). The DPI appliance may be configured to inspect the traffic traversing the access networks to look for specific data (e.g., known viruses) or patterns (e.g., web-browsing habits).
While the current network traffic inspection implementations may produce some useful results, the results may be limited by a number of factors. One factor is that it may be impractical (e.g., it may require too many computational and/or storage resources, or it may slow the network traffic to an undesirable level) to fully inspect each of the likely myriad data packets traversing the network. As such, certain data may ultimately be missed, yielding incomplete results. Another factor is that, even for network traffic that is inspected, each data packet may only contain certain types of information, like header information (e.g., source address, destination address, protocol, etc.) and payload information (e.g., content).
For at least these reasons, it may be desirable to add functionality to current network traffic inspection implementations to potentially address some of the factors limiting their value.