I figure it would be something as simple a GET request to a targeted server and following it by way of packet dumps on ISP routers (well, the encrypted packet containing the GET...)
I figure it would be something as simple a GET request to a targeted server and following it by way of packet dumps on ISP routers (well, the encrypted packet containing the GET...)