Packets travel through internetworks, and take many routes through internet routers. On each route that forwards traffic to another until reaching the ultimate destination, what stops them from viewing the packets they receive/forward?

  • 26
    did you know that if you capture all the packets in an SMTP transmission, dump their data and convert it back to text (unicode nowadays, used to be ascii), you can read the email with little or no modification? people refer to email as a postcard, because there is no envelope to hide it from view as it passes between your host and the server. Commented Nov 26, 2013 at 12:58
  • @FrankThomas interesting! Commented Nov 26, 2013 at 13:09
  • As you can tell from the answers, routers can easily sniff IP traffic. In particular, wireless access points are also routers (or bridges), and they are particularly easy to set up and entice people to use. Commented Nov 26, 2013 at 17:17
  • 2
    @FrankThomas - this is true only if SMTP does not use TLS (by STARTTLS etc.). I thought most servers does not accept unencrypted SMTP from clients (however - I would not my first disappointment in people's approach to security). Commented Nov 26, 2013 at 19:51
  • 2
    @MaciejPiechotka, TLS only encrypts point to point. (Not end to end) Each server can read the message in it's entirety and there is no guarantee that the server will use TLS anyway, even if you do.
    – user606723
    Commented Nov 27, 2013 at 20:32

5 Answers 5


Short answer : you can't prevent them from sniffing your traffic, but you can make it meaningless for them by using encryption.

Either use encrypted protocols (HTTPS, SSH, SMTP/TLS, POP/TLS, etc.) or use encrypted tunnels to encapsulate your unencrypted protocols.

For example, if you use HTTPS instead of HTTP, the content of the webpages you fetch will not be readable from those routers.

But remember that they can still save the encrypted packets and try to decrypt them. Decryption is never about "can or can't", it's about "How much time does it take". So use ciphers and key lengths suitable for the degree of privacy you need, and the "expiration time" of the data you want to "hide". (meaning if you don't care if someone gets it a week after the transmission, use a strong protocol. If it's an hour, you can lower the key length)

  • 5
    Actually, encryption schemes exist that can never be defeated. 'With enough time, any encryption can be broken' is not necessarily true. Commented Nov 26, 2013 at 12:58
  • 5
    @MarcksThomas - please provide at least a link to those unbeatable encryption schemes to show what you mean.
    – SPRBRN
    Commented Nov 26, 2013 at 13:20
  • 20
  • 2
    OTP is an impossible algorithm. the keylength must be the same as the message length, so if you have a secure channel to transmit the key (which is essential, because if you ever use a key for more than one message, the OTP can be attacked through lexicographical analysis), you might as well use that same secure channel to pass the message in the first place. Commented Nov 26, 2013 at 13:31
  • 7
    @FrankThomas The Wikipedia article mentions some situations in which OTPs can actually be useful. The most obvious is where you have a secure channel now but need to be able to communicate with provable security later. For normal communications, however, they are indeed impractical (though hardly "impossible"; ever tried doing AES-256 with paper and pencil?).
    – user
    Commented Nov 26, 2013 at 13:37


Every hop between your computer and the server you are accessing can read the packets you are transmitting and receiving.
You can however encrypt them, so they will be meaningless to any eavesdroppers.

  • 4
    Not "unless", because you can even sniff encrypted traffic. It will be meaningless, unless (!) you use weak encryption.
    – SPRBRN
    Commented Nov 26, 2013 at 13:20

In principle, "packet sniffing" is not a job of routers. Routers don't inspect the content of a packet, they just pick the header of the packet and find a suitable exit interface so that it will reach the destination stated in the packet's header.

However, your packets could be sniffed by anyone interested while the packets are moving. Interested bodies (often called attackers) can stop your packet and sniff it before it reaches the destination. This is called active sniffing, and is performed by firewalls. Another way of sniffing is passive sniffing. This method involves collecting copies of your packets passively. Wireless sniffing is a popular attack method in this category.

You can reduce such risks by using encryption techniques discussed above.


The real answer: Nothing you could do to prevent a router to sniff all of the traffic that flows through it. But that should not be the question - this should be: "What could I do to prevent anybody to read my traffic?" - The answer: "Use only encrypted communication/protocols!". The best thing: Use a VPN between you and your communication partner. For all others: HTTPS instead of HTTP, IMAPS instead of IMAP and so on.


As it was previously mentioned, it is not possible to stop a router from sniffing your data.

There is a simple way to make the listener's life harder by using Tor bundle.

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.

It cannot guarantee that your information will be 100% secure but if you use it properly (e.g Don't enable or install browser plugins), your data should be a bit more safe.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .