Sniffing unencrypted traffic in datacenter

To perform a successful MITM attack you need one of two things (assuming encryption is not utilized).

  • Exist on the same network as the traffic you are trying to intercept
  • Exist on the path of information of the traffic you are trying to intercept

This means that if someone else has a droplet on the same subnet as you they can potentially eavesdrop on the communications that exist on that network. This monitoring could be done with the help of a network analyzer tool like Wireshark, or with a technique called ARP Poisoning if the conditions are correct.

I don't have any intimate insider knowledge of how the DO droplet isolation or network configuration works, but anytime you transmit sensitive data between any machine (even when both machines exist on the same trusted network) you should be leveraging TLS to mitigate traffic interception.
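One defensive check that follows from the answer above, as an added example that is not part of the original post: compare successive ARP-cache snapshots of a host and flag the symptoms of ARP poisoning (a neighbour's MAC changing, especially the gateway's, or one MAC answering for several IPs). The snapshot lines are constructed in the format of `ip neigh show` on Linux; the names and the 10.0.0.0/24 addresses are assumptions.

```python
# Added example (not from the original answer): flag ARP-cache changes that
# look like poisoning. Snapshots are constructed in `ip neigh show` format.
import re
from collections import defaultdict

NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9A-Fa-f:]{17})")

def parse_neigh(text):
    """Return {ip: mac} from `ip neigh show`-style lines."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_anomalies(previous, current, gateway_ip):
    """Return (kind, detail) findings between two snapshots.

    mac_changed / gateway_mac_changed: an IP now maps to a different MAC.
    shared_mac: one MAC answers for several IPs at once. DHCP churn or a
    NIC swap also trigger the first kind, so treat findings as leads.
    """
    findings = []
    for ip, mac in current.items():
        old = previous.get(ip)
        if old and old != mac:
            kind = "gateway_mac_changed" if ip == gateway_ip else "mac_changed"
            findings.append((kind, f"{ip}: {old} -> {mac}"))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared_mac", f"{mac} claims {sorted(ips)}"))
    return findings

# Constructed snapshots: at T1 the gateway 10.0.0.1 suddenly resolves to the
# MAC of host 10.0.0.9, which now answers for two IPs.
SNAPSHOT_T0 = """10.0.0.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
10.0.0.7 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE
10.0.0.9 dev eth0 lladdr aa:bb:cc:dd:ee:02 REACHABLE"""
SNAPSHOT_T1 = """10.0.0.1 dev eth0 lladdr AA:BB:CC:DD:EE:02 REACHABLE
10.0.0.7 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE
10.0.0.9 dev eth0 lladdr aa:bb:cc:dd:ee:02 REACHABLE"""

if __name__ == "__main__":
    t0, t1 = parse_neigh(SNAPSHOT_T0), parse_neigh(SNAPSHOT_T1)
    for kind, detail in find_anomalies(t0, t1, "10.0.0.1"):
        print(kind, detail)
```

Running this periodically on each droplet (or feeding real `ip neigh show` output to `parse_neigh`) gives an early warning that the local segment is no longer trustworthy; it complements, rather than replaces, the TLS recommendation above.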


If your application runs on a datacenter, you trust that datacenter. If you have isolation requirements, you describe it and if the provider tells you that they are met, you should trust him, or not use his service at all.

That being said, if you just use a low cost hosting, where the provider just allows you to install your application on his machines, all traffic between 2 nodes should be encrypted, because you cannot know what is installed on the same network and who controls it.

Remember: the sysadmin of a datacenter has physical and low level access to any machine in the datacenter, so you should consider that any data in the datacenter can be read by the datacenter admins. The protection past that point is legal and no longer technical.