New DPI hardware.
..."Breaking such encryption in real-time isn't currently possible,
nor is it desirable from a privacy perspective, but Procera doesn't
need to; most P2P protocols can be detected simply by analyzing header
information, handshake peculiarities, or the way in which a particular
application exchanges encryption keys.
Such telltale traces can give away various kinds of encrypted traffic,
and while the information within remains secure, the entire flow can
be shaped or blocked if desired by the ISP. (Note that this alone
isn't enough to filter copyrighted content, but it can put the kibosh
on entire protocols that might be heavily used for copyright