Search code examples
javasocketstcpfileoutputstream

Can sniffers rebuild my transmitted file?

I have the following code:

// in = InputStream inputStream = filePart.getInputStream()
// out = OutputStream out = socket.getOutputStream()

int read = 0;
byte[] bytes = new byte[25 * 1024];
while ((read = inputStream.read(bytes)) != -1) {
    out.write(bytes, 0, read);
}

now, lets assume someone is sniffing my data, can they somehow rebuild each byte im transmitting to rebuild the file im transmitting? I assume so.

Solution

  • Depends.

    Let's assume socket is referring to a network socket, that is, java.net.Socket. Then it depends on the interface that the socket is hooked up to. If, for example, it's the fairly usual:

    • The interface is the network port in this device, to which a cable is attached that goes to a plain jane commercial home-use cable modem, which then goes to the divider-box in the street and from there onto glass fiber, onto the wide internet, to e.g. a datacenter switch station near a place that has loads of data centers, through the pipe to one of these data centers, through their switching infra to the right 'room', to a router, to a hub in a closet, and finally to the server.

    Then in basis almost anywhere this can be 'snooped'. That's why most internet traffic is encrypted. Can be snooped at that hub in the closet in particular, possibly all other servers in that box can just see it if they open up their card in promiscuous mode. If someone is hanging out outside and clipped onto the cable between your house and the divider box at the end of the street, they can probably listen in. Fix this by using e.g. https.

    However, if it's like this: The socket is connected to the virtual interface generated by a VPN driver, then well, the rest of the story of how this gets to the other side probably doesn't matter. At least the entire segment until the signal hops back off the VPN is all within the VPN 'space' and is being physically routed with a layer of indirection. Unless you have some bizarro VPN implementation, that layer will be encrypted. The only ones who can 'sniff' this are if someone installed a snooping driver on your PC. If someone is installing root-level-access software without your knowledge or consent, you're hosed and nothing you do will ever be safe.

    So if we can disregard that case, then in the latter case: No, nobody can snoop that.