To give a very brief overview: Non-officially, typically, the intruder will rely on a number of potential tactics, for example an ARP spoofing attack, which allows them to view packets in a tool such as Wireshark or Ettercap.
https://en.wikipedia.org/wiki/ARP_spoofing#Defenses
This opens the floodgates though to your question and I'm not going to do a textdump here. Read under the header "Tools", it gives a nice breakdown of examples of detection software available (and those that can be used to carry out ARP spoofing attacks).
Officially, governments and the military already have their own Lawful Interception (LI) systems. Law requires all service providers to install a Legal Interception Gateway (LIG), along Legal Interception Nodes (LIN). These interception measures for governmental surveillance have been in place since the very beginning of digital telephony. I don't know very much about LI systems sorry.
(account deleted)
