Sorry for being a bit late with the reply; however, just suppose that enough resources are used to "convince" hardware manufacturers to add a small code change to their firmware such as "if a packet contains this exact magic word, don't count it and pass it on along with the payload, and possibly send a copy to this other address, again without counting it" where "counting" means also not signaling it is going through the hardware: no management interface would see it, and LEDs on network hardware panels wouldn't even blink.
In other words, to actually see that packet one would have to be on the other side.
Admittedly it's absurdly complicated to do that at a global level, but let's say someone in the right place manages to do that; the next level would be doing the same at iron level on computers, so that each subsystem can talk with others and the external world without administration tools noticing, because it's all done through a covert channel set up by closed software. That would be the perfect weapon to build pervasive surveillance that no security software at any privilege level, not even debuggers, would detect.
The only way to find out that something fishy is going on would be to sniff inter-chip communications locally and set digital analyzers on network cables with appropriate software. Network analyzers could fail if they use the same network chipsets, as would a normal packet monitor.