Watching random traffic over the internet

Barometer

Just curious.......
When IP-based traffic is sent from point A to point B, it follows a certain path, called hops I think, to its destination.

So let's say for example I send a packet to a server somewhere else in the world. My PC sends those packets to my ISP which in turn forwards them to the destination...via certain paths only.

Does that mean that ONLY computers in the path from point A to point B could ever see (or intercept) those packets?

In other words, packets sent over the Internet are only available to be seen by a limited number of (nodes) and not by the entire Internet?
 
Only devices in the path can see the packets. BGP is used to determine the route from router to router to get from point A to point B, so only devices in the path from point A to point B would see the packets. Not getting into whether a tunnel is used, or encryption.
 
In other words, packets sent over the Internet are only available to be seen by a limited number of (nodes) and not by the entire Internet?
Correct.

However.

Traceroute aside, you don't really know which route your packets are going to take once they leave your network. Even two packets leaving your network at the same time can take radically different routes to their destination. Mix into that that if any node is compromised, you don't really know who'll have access to your data. These concerns are mitigated somewhat by more and more traffic being encrypted by default, but that doesn't completely eliminate the risk.

Ultimately you should, absolutely, treat any traffic leaving your control (network) as being read by the entire internet.
 
So, does that mean that if, for example, someone in a foreign country specifically wanted to watch packets from a specific location in the USA, they could not?

Even if that location had a static IP address such as a business?
 
No it doesn’t mean that at all. If the path taken is forced to go through a device the foreign country controls then they can read it. Is it likely... maybe not. That’s why grasshoppa said to treat anything leaving your network as if the whole world can see it.
 
No it doesn’t mean that at all. If the path taken is forced to go through a device the foreign country controls then they can read it. Is it likely... maybe not. That’s why grasshoppa said to treat anything leaving your network as if the whole world can see it.
To expand on this. You have zero control of your packets once they leave your machine. Typically packets are routed at layer 3 and most of the time packets from the same source network going to the destination will take similar if not the same paths during normal operation. That said, it is a trivial thing to route higher in the stack, steering certain specific sources or even applications one way while steering other traffic another. It is very common in fact. I even do that at home as I have multiple ISPs. There are also several well-publicized cases of BGP subversion, accidental or otherwise, that have seen traffic routed halfway around the world vs what should have been the preferred path.
 
Examples of traffic being routed to places not intended:
https://www.wired.com/story/google-internet-traffic-china-russia-rerouted/
https://arstechnica.com/information...le-traffic-through-china-telecom-for-2-hours/

As others have stated - once the packet exits your edge device - the places it goes are out of your hands.
While a VPN may offer some additional protection, those packets can be seen, copied and studied later. You are hoping that the VPN encryption is better than any decryptor being used by the folks spying on your traffic. Or that by the time the bad actor decrypts enough data to see what you sent, that it is outdated information.
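
One way a network operator can spot rerouting like the incidents linked above is to compare BGP announcements seen at a route collector against the origins the network expects. The following is an added example, not part of the original thread; the baseline, prefixes, AS numbers and update records are constructed assumptions.

```python
"""Flag BGP announcements that conflict with a baseline of expected origins.

All prefixes (RFC 5737) and AS numbers (RFC 5398) are documentation values;
the update records are constructed for this example, not captured data.
"""
import ipaddress

# Assumed baseline: prefixes we monitor -> AS numbers allowed to originate them.
EXPECTED = {
    ipaddress.ip_network("198.51.100.0/24"): {64500},
    ipaddress.ip_network("203.0.113.0/24"): {64501},
}

def classify(prefix, as_path):
    """Return (verdict, detail) for one announcement; origin is the last AS in the path."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for monitored, origins in EXPECTED.items():
        if net.version != monitored.version:
            continue
        if net == monitored:
            if origin in origins:
                return ("ok", f"{net} originated by expected AS{origin}")
            return ("origin-change", f"{net} originated by AS{origin}, expected {sorted(origins)}")
        if net.subnet_of(monitored):
            # A more-specific route wins longest-prefix match and pulls traffic
            # toward whoever announces it, so flag it even if the origin matches.
            return ("more-specific", f"{net} inside {monitored}, origin AS{origin}")
    return ("unmonitored", f"{net} is not covered by the baseline")

# Constructed sample updates: (prefix, AS path as seen by a route collector).
UPDATES = [
    ("198.51.100.0/24", [64510, 64505, 64500]),
    ("203.0.113.0/24", [64510, 64511]),
    ("198.51.100.128/25", [64510, 64511]),
    ("192.0.2.0/24", [64510, 64502]),
]

def alerts(updates):
    """Return only the announcements that need a human to look at them."""
    results = [(p, *classify(p, path)) for p, path in updates]
    return [r for r in results if r[1] in ("origin-change", "more-specific")]

if __name__ == "__main__":
    for prefix, verdict, detail in alerts(UPDATES):
        print(f"[{verdict}] {detail}")
```
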
 
SPAN Ports and traffic sniffers are a thing. So no - a device doesn't have to receive a packet directly via unicast to see the information.
 