View on GitHub


Sniffmap: Map of probable Internet network interception

Download this project as a .zip file Download this project as a tar.gz file

Sniffmap shows risks of interception, per country

Sniffmap is a project to map the potential Internet mass interception performed by NSA and its allies (USA, UK, Canada, Australia, New Zealand). Since Edward Snowden disclosure, the security space has changed: rumors have been confirmed, data points have been available and new knowledge about security exposure and attack vectors is now known. This project tries to put this in easy to grasp visual representation, within the bigger context of

Actually, we get route data not only per country but also per ISP and operator, but for now we didn't find a way to visualize that neatly.


Better display:

Research methodology

As stated in the fateful NSA document, many telecommunication links go through USA and its allies to connect two other countries. This is due to least cost routing and link usage. Therefore, NSA can leverage on this to capture a lot of traffic that otherwise would not go through its points of interception.

To create our dataset, we try to detect each time an internet route between two IP addresses pass by an NSA controlled country and therefore can be considered as intercepted. As you'll see, around 80% of the Internet is captured by NSA and allies.

Our metholody is the following

  1. Choose a random list of target IP address
  2. For each country take all known traceroute gateways
  3. For each traceroute gateways test each target IP address (within a pool of 255 random IP with each of the 255 class A networks)
  4. If this route goes through one NSA-controlled country, mark the route as "bad", otherwise the route is marked as good.
  5. Compute percentage over all routes for a given country (using multiple traceroute gateways hence hopefully multiple ISPs and operators to have meaningful results)

Known bias

There are a few known bias


Ok, so this research deals with routes, so why not using BGP? Well, there are many reasons why we don't use BGP for conducting this analysis:


As you can see, many countries do not have measurement yet. You can help improve this by providing us traceroute results. To do this, simply run the following command (preferrably from machines located within these countries without any data yet.):

$ curl | bash
If you want some debug, try:
$ curl | bash

This will run traceroute (or even mtr if it is installed) and report result to SniffMap.

Traceroute for bitcoins

Bitcoin millionaire, or just happy passionates, you can contribute to this effort: you are wealthy, and not living in one of these countries where we don't have data. But you can still help! You can donate Bitcoins (and other cryptocurrencies), this will become bounty for contributors. We will then redistribute bitcoins to the ones who contribute traceroute data. Donate any amount you wish, mountains are made of atoms.

Send us bounty:

We will also try to rent VMs in countries we need for route diversity and SniffMap analysis.

Receive bounty:
Contribute gateways or traceroute submissions, send us a cryptocurrency address, and we'll redistribute bounty to you! Please communicate your crypto currency address along with your contributed data (source IP or shell account, etc...)


We are definitely looking for people who can help on the coding and on the deployment side of SniffMap. If you want to chat about that, you can join freenode's #tmplab and ask around or send us a mail. Also, have a look on Issues, if you want to help:

Get notified


This research has received contributions such as raw materials, inspiration and collaboration from:

Finally, any question about this project, you can shoot me a mail: phil+sniffmap $((AT))