How to detect eavesdropping by your ISP

connections dropping frequently, rate limiting occuring, and packet loss

Without knowing whether your connection resets are injected TCP reset packets or a result of dropped packets, it's hard to say whether you're actually having your data acted on or just having connection issues. It is entirely conceivable that your line or equipment aren't working quite right.

That said, every sane network provider, ISP, hosting facility, or transit provider monitors interface and by proxy customer bandwidth. Bandwidth caps are very common for residential ISPs in some countries.

None of this addresses whether they're inspecting the contents of your traffic, and unless they're acting on what they see in a way that's visible to you by changing how they handle their traffic (or using your credentials, making stock trades on information you email, etc.), it's impossible to tell. Anybody who routes your traffic is entirely capable of sending a copy to second interface.

When it comes to a 3rd party monitoring you on your own network, looking for diverted traffic is possible. When it comes to asking if somebody who is expected to be in the line of transit is doing something more with the data, there is no trace of it until you see them act on it.


If your ISP has the right equipment in place and configured correctly you have absolutely no way of knowing the level of monitoring that is going on. The technology has existed for years to allow any ISP to store and process network traffic at data rates in ways that are completely undetectable to users.

It's not just your ISP that you have to consider here. The Internet is a patchwork quilt of large and small ISPs all connected through peering connections. When you're connecting to your favorite off-shore porno-tube site you will likely be going through five or more providers on your way to your destination, and any of them may be storing every packet of your connection. Many governments (many of them democracies) have instituted laws requiring ISPs to log traffic for the government's use, so if you're in the US and connecting to a site in the UK for example your traffic is likely available to both the US and UK governments. So it's not about "my ISP", it's about the internet in general.

As for your particular issue it sounds more like connectivity problems over your line to your ISP, or capacity issues between your ISP and their upstream providers. I'd call them and raise a trouble ticker, otherwise they won't know you're having a problem.


This is the only thing I've ever seen that does any sort of tests like what you want. Would be nice to know if there's others.

http://broadband.mpi-sws.org/transparency/

Tags:

Monitoring

Network

Recent Posts