This work exposes a side-channel risk in real-time streaming outputs of large language models (LLMs): even with traffic padding and obfuscation deployed, substantial residual information leakage persists—enabling full dialogue reconstruction from encrypted network traffic. To address this, we propose NetEcho, the first end-to-end framework that systematically analyzes the state of side-channel defenses in mainstream LLM applications and achieves high-fidelity dialogue recovery. NetEcho integrates traffic timing modeling, encrypted packet feature extraction, LLM-driven semantic inference, and context-aware alignment—all designed for low overhead and cross-scenario transferability. Empirical evaluation on medical and legal use cases using DeepSeek-v3 and GPT-4o demonstrates an average dialogue recovery rate of 70%, substantially outperforming prior approaches. This is the first study to empirically confirm a substantive security gap in current production-grade side-channel mitigations for LLM streaming.

In the rapidly expanding landscape of Large Language Model (LLM) applications, real-time output streaming has become the dominant interaction paradigm. While this enhances user experience, recent research reveals that it exposes a non-trivial attack surface through network side-channels. Adversaries can exploit patterns in encrypted traffic to infer sensitive information and reconstruct private conversations. In response, LLM providers and third-party services are deploying defenses such as traffic padding and obfuscation to mitigate these vulnerabilities. This paper starts by presenting a systematic analysis of contemporary side-channel defenses in mainstream LLM applications, with a focus on services from vendors like OpenAI and DeepSeek. We identify and examine seven representative deployment scenarios, each incorporating active/passive mitigation techniques. Despite these enhanced security measures, our investigation uncovers significant residual information that remains vulnerable to leakage within the network traffic. Building on this discovery, we introduce NetEcho, a novel, LLM-based framework that comprehensively unleashes the network side-channel risks of today's LLM applications. NetEcho is designed to recover entire conversations -- including both user prompts and LLM responses -- directly from encrypted network traffic. It features a deliberate design that ensures high-fidelity text recovery, transferability across different deployment scenarios, and moderate operational cost. In our evaluations on medical and legal applications built upon leading models like DeepSeek-v3 and GPT-4o, NetEcho can recover avg $sim$70% information of each conversation, demonstrating a critical limitation in current defense mechanisms. We conclude by discussing the implications of our findings and proposing future directions for augmenting network traffic security.