If you own and operate a node of which someone is using to route their packets through, you can effectively listen in on that communications. TOR does encrypt its communication between nodes, but it is decrypted, inspected, then encrypted in order to pass through a node, so any packet on a node is for a moment, unencrypted, if the original communication did not have any secondary encryption applied to it.
I am not sure it works like this.
You can only listen on communication if you are the first node (you will know the contents, where traffic comes from and the destination) or the last node (you will know the contents and the destination but not the source).
And onion routing should mean that encryption layers are peeled off as communication travels through the nodes.
