This is a slightly more refined method of throttling packets than shallow packet inspection, as it looks not only at the packet header but also at the packet's length, frequency of transmission and other characteristics to make a rough determination of its content. Sennhauser says the government can use this technique to better classify packets and avoid throttling traffic sent out by key businesses.
"A lot of things don't explicitly say what they are. For example, a lot of VPN traffic is indistinguishable from SSH traffic, which means that it would be throttled if SSH was," he says. "But what if businesses relied on VPN connections? You'd move the system to fingerprinting, where the two are easily distinguishable."
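As an added illustration (not from the article or from Sennhauser), the Python sketch below shows how a monitor could tell apart two flows with identical headers by using only packet lengths and timing. The flows, labels, feature set and normalisation scales are all constructed assumptions: interactive sessions are assumed to send small, sparse packets, and tunnels carrying bulk data large, closely spaced ones.

```python
from statistics import mean, pstdev

def fingerprint(flow):
    """Reduce a flow [(timestamp_s, length_bytes), ...] to header-independent features."""
    times = [t for t, _ in flow]
    sizes = [n for _, n in flow]
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "mean_len": mean(sizes),                               # typical packet length
        "len_spread": pstdev(sizes),                           # variability of length
        "mean_gap": mean(gaps),                                # frequency of transmission
        "small_frac": sum(n < 200 for n in sizes) / len(sizes),
    }

# Assumed scales that bring the features into comparable ranges (not measured values).
SCALE = {"mean_len": 1500.0, "len_spread": 750.0, "mean_gap": 1.0, "small_frac": 1.0}

def distance(a, b):
    """Normalised Euclidean distance between two fingerprints."""
    return sum(((a[k] - b[k]) / SCALE[k]) ** 2 for k in SCALE) ** 0.5

def classify(flow, profiles):
    """Return the label of the reference profile closest to this flow."""
    fp = fingerprint(flow)
    return min(profiles, key=lambda label: distance(fp, profiles[label]))

# Constructed reference flows. Both are assumed to use the same port and protocol,
# so a header-only (shallow) check would treat them as the same kind of traffic.
INTERACTIVE = [(0.00, 96), (0.35, 80), (0.90, 112), (1.20, 96), (2.05, 80), (2.40, 128)]
BULK = [(0.00, 1400), (0.01, 1400), (0.02, 1380), (0.03, 1400), (0.04, 620), (0.05, 1400)]
PROFILES = {
    "interactive-shell": fingerprint(INTERACTIVE),
    "bulk-tunnel": fingerprint(BULK),
}

# Constructed unlabelled flows to classify.
UNKNOWN_A = [(10.0, 88), (10.6, 104), (11.1, 80), (11.9, 96), (12.2, 120)]
UNKNOWN_B = [(20.00, 1400), (20.01, 1390), (20.03, 1400), (20.04, 900), (20.05, 1400)]

if __name__ == "__main__":
    for name, flow in (("A", UNKNOWN_A), ("B", UNKNOWN_B)):
        print(name, classify(flow, PROFILES), fingerprint(flow))
```
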
Deep Packet Inspection / Packet Content Filtering
DPI is the most refined method that the government has for blocking Internet traffic. As mentioned above, deep packet inspectors examine not only a packet's header but also its payload. This gives governments the ability to filter packets at a more surgical level than any of the other techniques discussed so far.
"Viewing a packet's contents doesn't tell you much on its own, especially if it's encrypted," he says. "But combining it with the knowledge gained from fingerprinting and shallow packet inspection, it is usually more than enough to figure out what sort of traffic you're looking at."
There are downsides to using DPI, of course: it's much more complicated to run and far more labor-intensive than other traffic-shaping technologies. On the other hand, Sennhauser says there's no magic bullet for getting around DPI, as users can usually only elude it temporarily by "finding flaws in their system." And even this won't help for long, as the government can simply correct its system's flaws once they're discovered.
"Once they fix the flaw, you've lost unless you can figure out some real way to circumvent it," Sennhauser notes.
Endgame still unclear
Sennhauser says that the government has employed these technologies smartly despite being caught flat-footed by the initial furor after the election. Indeed, he thinks the only reason that Iran hasn't yet completely shut down dissidents' communications is that they've had to fight with an army of hackers who tirelessly search for flaws in their system.
"It really is an arms race," he says. "They create a problem, we circumvent it, they create another, we get around that one. This continues on until the need to do so is removed. The circumstances which will end the competition aren't clear yet."