
How-To Geek

What Stops Every Router on the Internet from Sniffing My Traffic?

The information you send from your computer, be it an email, instant message, or request for a web page, passes through dozens of internet routers. What’s stopping them from sniffing all your traffic?

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

The Question

SuperUser reader Naughty.Coder wants to know:

Packets travel through internetworks, and take many routes through internet routers. On each route that forwards traffic to another until reaching the ultimate destination, what stops them from viewing the packets they receive/forward?

Now, we’re not saying there’s a correlation between his username and his curiosity about people sniffing his packets, but this is definitely our favorite SuperUser username/question combination to date.

The Answer

SuperUser Kwaio offers some insight:

Short answer: you can’t prevent them from sniffing your traffic, but you can make it meaningless for them by using encryption.

Either use encrypted protocols (HTTPS, SSH, SMTP/TLS, POP/TLS, etc.) or use encrypted tunnels to encapsulate your unencrypted protocols.

For example, if you use HTTPS instead of HTTP, the content of the webpages you fetch will not be readable from those routers.

But remember that they can still save the encrypted packets and try to decrypt them. Decryption is never about “can or can’t”, it’s about “How much time does it take”. So use ciphers and key lengths suitable for the degree of privacy you need, and the “expiration time” of the data you want to “hide”. (Meaning: if you don’t care if someone gets it a week after the transmission, use a strong protocol. If it’s an hour, you can lower the key length.)
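To make the HTTP versus HTTPS point concrete, here is an added example (not part of the SuperUser answer) of what a forwarding device can read from a single TCP payload in each case. The sample request, the host `shop.example` and the helper names are constructed for illustration, and random bytes stand in for real ciphertext.

```python
import os
import struct

# TLS record content types (RFC 8446, section 5.1).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ")


def observe(payload: bytes) -> dict:
    """Return what a forwarding device can read from one TCP payload."""
    if payload.startswith(HTTP_METHODS):
        # Plain HTTP: request line, headers and body are all readable.
        head, _, body = payload.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
        return {"protocol": "http", "request": lines[0],
                "headers": headers, "body": body.decode("latin-1")}
    # Otherwise try TLS: each record has a 5-byte cleartext header
    # (type, legacy version, length) followed by an opaque body.
    records, off = [], 0
    while off + 5 <= len(payload):
        ctype, version, length = struct.unpack_from("!BHH", payload, off)
        if ctype not in TLS_TYPES or version >> 8 != 3:
            return {"protocol": "unknown", "size": len(payload)}
        records.append((TLS_TYPES[ctype], length))
        off += 5 + length
    if not records:
        return {"protocol": "unknown", "size": len(payload)}
    # complete is False when the last record is cut off mid-payload.
    return {"protocol": "tls", "records": records,
            "complete": off == len(payload)}


def tls_record(ctype: int, body: bytes) -> bytes:
    """Frame a body as a TLS 1.2-style record (constructed sample helper)."""
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body


# Constructed samples. The random bytes stand in for ciphertext; nothing
# is actually encrypted here. +16 approximates an AEAD tag.
SAMPLE_HTTP = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
               b"Cookie: session=abc123\r\n\r\nuser=alice&password=hunter2")
SAMPLE_TLS = tls_record(23, os.urandom(len(SAMPLE_HTTP) + 16))

if __name__ == "__main__":
    print(observe(SAMPLE_HTTP))
    print(observe(SAMPLE_TLS))
```

With the plain HTTP sample the cookie and password are recovered in full; with the TLS-framed sample only the record type and length remain visible, which is why encrypted traffic still reveals its size and timing.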

If this question and answer pair has piqued your curiosity about protecting your communications, we’d recommend doing a little introductory reading: VPN vs. SSH Tunnel: Which Is More Secure? and Why Most Web Services Don’t Use End-to-End Encryption.


Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.

 

Jason Fitzpatrick is a warranty-voiding DIYer and all-around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on if you'd like.

  • Published 12/10/13
