This is sample of a traceroute to google.com:
TraceRoute from Network-Tools.com to 216.58.194.46 [google.com]
Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 206.123.64.233 -
2 Timed out Timed out Timed out -
3 1 1 1 4.68.70.166 google-level3-3x10g.dallas.level3.net
4 1 1 1 108.170.240.129 -
5 1 1 1 209.85.242.53 -
6 1 1 1 216.58.194.46 dfw25s12-in-f14.1e100.net
Trace complete
It obvious there should be some layer two and layer one (physical layer tapping devices) network devices in between that we cannot trace or identify, but they have an important impact on the result.
These layer 2 & 1 network devices have many roles, including security. There are many Agencies or Organizations that capture data on the physical layer or Data link layer like the PRISM surveillance program.
I am looking for theory or practical way to find a way to identify layer 2 devices in order to prove or identify data capturing.